1 # WPA2-Personal tests
2 # Copyright (c) 2014, Qualcomm Atheros, Inc.
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 from Crypto.Cipher import AES
10 import hashlib
11 import hmac
12 import logging
13 logger = logging.getLogger()
14 import os
15 import re
16 import struct
17 import subprocess
18 import time
19
20 import hostapd
21 from utils import HwsimSkip, fail_test, skip_with_fips
22 import hwsim_utils
23 from wpasupplicant import WpaSupplicant
24
def check_mib(dev, vals):
    """Verify that selected MIB variables of *dev* hold the expected values.

    vals is an iterable of entries whose first item is a MIB variable name
    and whose second item is the value it must have. The names are looked up
    in the mapping returned by dev.get_mib(); the first mismatch raises
    Exception naming the variable, the reported value and the expected one.
    """
    reported = dev.get_mib()
    for entry in vals:
        name, wanted = entry[0], entry[1]
        actual = reported[name]
        if actual != wanted:
            raise Exception("Unexpected {} = {} (expected {})".format(name, actual, wanted))
30
@remote_compatible
def test_ap_wpa2_psk(dev, apdev):
    """WPA2-PSK AP with PSK instead of passphrase"""
    # Fixture credentials for the simulated network only. The AP is given
    # the 64-hex-digit PSK directly; since dev[1] joins with the passphrase,
    # the PSK is presumably the one derived from this passphrase/SSID pair.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    ap = hostapd.add_ap(apdev[0], ap_conf)

    # The first AKM reported by GET_CONFIG must be WPA-PSK.
    akm_list = ap.get_config()['key_mgmt']
    first_akm = akm_list.split(' ')[0]
    if first_akm != "WPA-PSK":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + akm_list)

    # One station uses the raw PSK, the other the passphrase.
    dev[0].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[1].connect(network, psk=secret, scan_freq="2412")

    # Sanity-check the link statistics reported by the first station.
    signal_lines = dev[0].request("SIGNAL_POLL").splitlines()
    counter_lines = dev[0].request("PKTCNT_POLL").splitlines()
    if "FREQUENCY=2412" not in signal_lines:
        raise Exception("Unexpected SIGNAL_POLL value: " + str(signal_lines))
    if "TXBAD=0" not in counter_lines:
        raise Exception("Unexpected TXBAD value: " + str(counter_lines))
52
def test_ap_wpa2_psk_file(dev, apdev):
    """WPA2-PSK AP with PSK from a file"""
    network = "test-wpa2-psk"
    default_passphrase = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=default_passphrase)
    # Additional keys come from this file; its contents are not part of this
    # listing, so which key belongs to which station is inferred from the
    # expectations below.
    ap_conf['wpa_psk_file'] = 'hostapd.wpa_psk'
    hostapd.add_ap(apdev[0], ap_conf)

    # dev[1] is expected to be refused with this passphrase (verified at the
    # end), so its connection attempt must not block the test.
    dev[1].connect(network, psk="very secret", scan_freq="2412", wait_connect=False)

    # The raw PSK is accepted from dev[2].
    dev[2].connect(network, raw_psk=raw_key, scan_freq="2412")
    dev[2].request("REMOVE_NETWORK all")

    # The same passphrase that dev[1] tried is accepted from dev[0].
    dev[0].connect(network, psk="very secret", scan_freq="2412")
    dev[0].request("REMOVE_NETWORK all")

    # A passphrase that both stations may use.
    shared = "another passphrase for all STAs"
    dev[2].connect(network, psk=shared, scan_freq="2412")
    dev[0].connect(network, psk=shared, scan_freq="2412")

    # The AP must have reported a failed 4-way handshake to dev[1].
    failure = dev[1].wait_event(["WPA: 4-Way Handshake failed"], timeout=10)
    if failure is None:
        raise Exception("Timed out while waiting for failure report")
    dev[1].request("REMOVE_NETWORK all")
72
def check_no_keyid(hapd, dev):
    """Require an AP-STA-CONNECTED event for *dev* that carries no keyid.

    Waits up to one second on *hapd* for the event and raises Exception when
    it is missing, when it does not mention the address of *dev*, or when it
    contains a "keyid=" field.
    """
    sta_addr = dev.own_addr()
    event = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if event is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in event:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    # No key identifier may be disclosed for PSKs that were configured
    # without one.
    if "keyid=" in event:
        raise Exception("Unexpected keyid indication")
82
def check_keyid(hapd, dev, keyid):
    """Require that the AP reports *keyid* for the connection of *dev*.

    The identifier must appear both in the AP-STA-CONNECTED event (waited
    for up to one second) and in the STA entry returned by hapd.get_sta().
    Any deviation raises Exception. On success the station's networks are
    removed with "REMOVE_NETWORK all".
    """
    sta_addr = dev.own_addr()
    event = hapd.wait_event(["AP-STA-CONNECTED"], timeout=1)
    if event is None:
        raise Exception("No AP-STA-CONNECTED indicated")
    if sta_addr not in event:
        raise Exception("AP-STA-CONNECTED for unexpected STA")
    # Substring match on the event text; the exact comparison follows below
    # against the STA entry.
    expected_field = "keyid=" + keyid
    if expected_field not in event:
        raise Exception("Incorrect keyid indication")
    sta_entry = hapd.get_sta(sta_addr)
    if not ('keyid' in sta_entry and sta_entry['keyid'] == keyid):
        raise Exception("Incorrect keyid in STA output")
    dev.request("REMOVE_NETWORK all")
96
def check_disconnect(dev, expected):
    """Check which of the first two stations were disconnected by the AP.

    For index 0 and 1: when expected[i] is true the station must report a
    disconnection, after which its networks are removed. Otherwise no
    CTRL-EVENT-DISCONNECTED may arrive within 0.1 s; the station is then
    removed from the network and the resulting disconnection is awaited.

    NOTE(review): only indexes 0 and 1 are examined, although the callers in
    this file pass three expectations; confirm whether skipping the third
    station is intentional.
    """
    for idx in (0, 1):
        should_drop = expected[idx]
        sta = dev[idx]
        if not should_drop:
            # The station must still be associated at this point.
            event = sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1)
            if event is not None:
                raise Exception("Unexpected disconnection")
            sta.request("REMOVE_NETWORK all")
            sta.wait_disconnected()
            continue
        sta.wait_disconnected()
        sta.request("REMOVE_NETWORK all")
108
def test_ap_wpa2_psk_file_keyid(dev, apdev, params):
    """WPA2-PSK AP with PSK from a file (keyid and reload)"""
    psk_path = os.path.join(params['logdir'], 'ap_wpa2_psk_file_keyid.wpa_psk')
    network = "test-wpa2-psk"

    def store_entries(entries):
        # Replace the whole PSK file with the given lines.
        # NOTE(review): the file is created with the process default mode;
        # fine for fixture passphrases, but a real PSK file should not be
        # readable by other users.
        with open(psk_path, 'w') as out:
            for entry in entries:
                out.write(entry)

    def reload_psk_file():
        # Ask the running AP to re-read the PSK file.
        if "OK" not in hapd.request("RELOAD_WPA_PSK"):
            raise Exception("RELOAD_WPA_PSK failed")

    # Initial file: no keyid on any entry. The all-zero address presumably
    # marks a wildcard entry, as those passphrases are used by several
    # stations below.
    store_entries(['00:00:00:00:00:00 secret passphrase\n',
                   '02:00:00:00:00:00 very secret\n',
                   '00:00:00:00:00:00 another passphrase for all STAs\n'])
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase='qwertyuiop')
    ap_conf['wpa_psk_file'] = psk_path
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    dev[1].connect(network, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_no_keyid(hapd, dev[1])

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # Replace the passphrase used by dev[1]; after the reload only that
    # station is expected to be dropped.
    store_entries(['00:00:00:00:00:00 secret passphrase\n',
                   '02:00:00:00:00:00 very secret\n',
                   '00:00:00:00:00:00 changed passphrase\n'])
    reload_psk_file()

    check_disconnect(dev, [False, True, False])

    # Tag two entries with key identifiers and verify that the AP reports
    # the identifier matching the PSK each station used.
    store_entries(['00:00:00:00:00:00 secret passphrase\n',
                   'keyid=foo 02:00:00:00:00:00 very secret\n',
                   'keyid=bar 00:00:00:00:00:00 another passphrase for all STAs\n'])
    reload_psk_file()

    dev[0].connect(network, psk="very secret", scan_freq="2412")
    check_keyid(hapd, dev[0], "foo")

    dev[1].connect(network, psk="another passphrase for all STAs",
                   scan_freq="2412")
    check_keyid(hapd, dev[1], "bar")

    dev[2].connect(network, psk="qwertyuiop", scan_freq="2412")
    check_no_keyid(hapd, dev[2])

    # check_keyid() removed dev[0]'s network; wait for that disconnection
    # before reconnecting with an entry that has no keyid.
    dev[0].wait_disconnected()
    dev[0].connect(network, psk="secret passphrase", scan_freq="2412")
    check_no_keyid(hapd, dev[0])

    # With every file entry gone, the stations that authenticated with a
    # file-provided key are expected to be dropped.
    store_entries(['# empty\n'])
    reload_psk_file()

    check_disconnect(dev, [True, True, False])
167
@remote_compatible
def test_ap_wpa2_psk_mem(dev, apdev):
    """WPA2-PSK AP with passphrase only in memory"""
    try:
        _test_ap_wpa2_psk_mem(dev, apdev)
    finally:
        # The test body lowers the scan interval on both stations; put it
        # back to 5 whether or not the body succeeded.
        for idx in (0, 1):
            dev[idx].request("SCAN_INTERVAL 5")
176
def _test_ap_wpa2_psk_mem(dev, apdev):
    # Body of test_ap_wpa2_psk_mem: both stations are configured with
    # mem_only_psk="1" and therefore have to ask for the credential over the
    # control interface instead of reading it from their configuration.
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # First station: answer the request with the quoted passphrase.
    first = dev[0]
    first.connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    first.request("SCAN_INTERVAL 1")
    prompt = first.wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out")
    # The request identifier is the last '-'-separated token before the
    # first ':' of the event.
    req_id = prompt.split(':')[0].split('-')[-1]
    first.request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':"' + secret + '"')
    first.wait_connected(timeout=10)

    # Second station: answer with the unquoted hexadecimal PSK.
    second = dev[1]
    second.connect(network, mem_only_psk="1", scan_freq="2412", wait_connect=False)
    second.request("SCAN_INTERVAL 1")
    prompt = second.wait_event(["CTRL-REQ-PSK_PASSPHRASE"], timeout=10)
    if prompt is None:
        raise Exception("Request for PSK/passphrase timed out(2)")
    req_id = prompt.split(':')[0].split('-')[-1]
    second.request("CTRL-RSP-PSK_PASSPHRASE-" + req_id + ':' + raw_key)
    second.wait_connected(timeout=10)
202
@remote_compatible
def test_ap_wpa2_ptk_rekey(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap = hostapd.add_ap(apdev[0], ap_conf)

    # The rekey interval is configured on the station side.
    sta = dev[0]
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")

    # connect() has already returned, so a further completion event is
    # taken as the result of the rekey.
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")

    # Data must still flow with the new key.
    hwsim_utils.test_connectivity(sta, ap)
215
def test_ap_wpa2_ptk_rekey_anonce(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by station and ANonce change"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")
    sta.dump_monitor()

    # Remember the ANonce of the current handshake, then request a rekey.
    nonce_before = sta.request("GET anonce")
    if "OK" not in sta.request("KEY_REQUEST 0 1"):
        raise Exception("KEY_REQUEST failed")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")

    # A new 4-way handshake has to use a fresh ANonce; reusing the old one
    # is treated as a failure.
    nonce_after = sta.request("GET anonce")
    if nonce_after == nonce_before:
        raise Exception("AP did not update ANonce in requested PTK rekeying")
    hwsim_utils.test_connectivity(sta, ap)
234
@remote_compatible
def test_ap_wpa2_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK AP and PTK rekey enforced by AP"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    # Here the rekey interval is part of the AP configuration.
    ap_conf['wpa_ptk_rekey'] = '2'
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
248
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by station"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, key_mgmt="WPA-PSK-SHA256",
                wpa_ptk_rekey="1", scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)

    # Both the requested and the selected AKM suite must be 00-0f-ac-6,
    # i.e. the station must not have ended up on a different AKM.
    akm_suite = "00-0f-ac-6"
    check_mib(sta, [("dot11RSNAAuthenticationSuiteRequested", akm_suite),
                    ("dot11RSNAAuthenticationSuiteSelected", akm_suite)])
265
@remote_compatible
def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
    """WPA2-PSK/SHA256 AKM AP and PTK rekey enforced by AP"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wpa_key_mgmt"] = "WPA-PSK-SHA256"
    # The rekey interval is set on the AP, not on the station.
    ap_conf['wpa_ptk_rekey'] = '2'
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, key_mgmt="WPA-PSK-SHA256",
                scan_freq="2412")
    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)

    # Requested and selected AKM suite must both be 00-0f-ac-6.
    akm_suite = "00-0f-ac-6"
    check_mib(sta, [("dot11RSNAAuthenticationSuiteRequested", akm_suite),
                    ("dot11RSNAAuthenticationSuiteSelected", akm_suite)])
283
@remote_compatible
def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    sta = dev[0]
    # Presumably skips the test on FIPS builds, where the legacy WPA/TKIP
    # algorithms are unavailable; see skip_with_fips() in utils.
    skip_with_fips(sta)
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap = hostapd.add_ap(apdev[0], ap_conf)
    sta.connect(network, psk=secret, wpa_ptk_rekey="1", scan_freq="2412")

    # The scan results must advertise the WPA (version 1) element with TKIP.
    scan_output = sta.request("SCAN_RESULTS")
    if "[WPA-PSK-TKIP]" not in scan_output:
        raise Exception("Scan results missing WPA element info")

    rekeyed = sta.wait_event(["WPA: Key negotiation completed"])
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
299
@remote_compatible
def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    sta = dev[0]
    # Presumably skips the test on FIPS builds; see skip_with_fips() in utils.
    skip_with_fips(sta)
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    # The AP drives the rekey in this variant.
    ap_conf['wpa_ptk_rekey'] = '2'
    ap = hostapd.add_ap(apdev[0], ap_conf)
    sta.connect(network, psk=secret, scan_freq="2412")

    rekeyed = sta.wait_event(["WPA: Key negotiation completed"], timeout=10)
    if rekeyed is None:
        raise Exception("PTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
314
@remote_compatible
def test_ap_wpa_ccmp(dev, apdev):
    """WPA-PSK/CCMP"""
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    # Use CCMP as the pairwise cipher for this WPA (version 1) network.
    ap_conf['wpa_pairwise'] = "CCMP"
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    hwsim_utils.test_connectivity(sta, ap)

    # The negotiated suites must be exactly the ones requested, so that a
    # silent fallback to another cipher or AKM would fail the test.
    cipher_suite = "00-50-f2-4"
    akm_suite = "00-50-f2-2"
    expected_mib = [
        ("dot11RSNAConfigGroupCipherSize", "128"),
        ("dot11RSNAGroupCipherRequested", cipher_suite),
        ("dot11RSNAPairwiseCipherRequested", cipher_suite),
        ("dot11RSNAAuthenticationSuiteRequested", akm_suite),
        ("dot11RSNAGroupCipherSelected", cipher_suite),
        ("dot11RSNAPairwiseCipherSelected", cipher_suite),
        ("dot11RSNAAuthenticationSuiteSelected", akm_suite),
        ("dot1xSuppSuppControlledPortStatus", "Authorized"),
    ]
    check_mib(sta, expected_mib)
333
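def test_ap_wpa2_psk_file_errors(dev, apdev):
    """WPA2-PSK AP with various PSK file error and success cases"""
    addr0 = dev[0].own_addr()
    addr1 = dev[1].own_addr()
    addr2 = dev[2].own_addr()
    ssid = "psk"
    # NOTE(review): fixed, predictable name in a shared directory. Other
    # tests in this file keep their PSK file under params['logdir']; on a
    # multi-user host a pre-created file or symlink at this path would be
    # removed and rewritten by the test.
    pskfile = "/tmp/ap_wpa2_psk_file_errors.psk_file"

    def remove_pskfile():
        # Best-effort cleanup. Only filesystem errors (typically "no such
        # file") are ignored, so an interrupt or a programming error is no
        # longer swallowed as it was by the former bare except.
        try:
            os.remove(pskfile)
        except OSError:
            pass

    def expect_enable_failure():
        # ENABLE must be refused for the current PSK file state.
        if "FAIL" not in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE success")
        hapd.request("DISABLE")

    remove_pskfile()

    params = {"ssid": ssid, "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "CCMP", "wpa_psk_file": pskfile}

    # File contents that hostapd has to reject, in the order they are tried.
    rejected_contents = [
        ["\n", "foo\n"],                   # invalid MAC address
        ["00:11:22:33:44:55\n"],           # no PSK on line
        ["00:11:22:33:44:55 1234567\n"],   # invalid PSK
        ["=\n"],                           # empty token at the end of the line
    ]

    try:
        # missing PSK file
        hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
        expect_enable_failure()

        for lines in rejected_contents:
            with open(pskfile, "w") as f:
                for line in lines:
                    f.write(line)
            expect_enable_failure()

        # valid PSK file: one unrelated entry plus one entry per station,
        # the last of them given as a 64-hex-digit raw PSK
        with open(pskfile, "w") as f:
            f.write("00:11:22:33:44:55 12345678\n")
            f.write(addr0 + " 123456789\n")
            f.write(addr1 + " 123456789a\n")
            f.write(addr2 + " 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n")
        if "FAIL" in hapd.request("ENABLE"):
            raise Exception("Unexpected ENABLE failure")

        dev[0].connect(ssid, psk="123456789", scan_freq="2412")
        dev[1].connect(ssid, psk="123456789a", scan_freq="2412")
        dev[2].connect(ssid, raw_psk="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", scan_freq="2412")

    finally:
        remove_pskfile()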
403
@remote_compatible
def test_ap_wpa2_psk_wildcard_ssid(dev, apdev):
    """WPA2-PSK AP and wildcard SSID configuration"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # Both stations are configured with an empty SSID and select the AP by
    # BSSID only; one uses the passphrase, the other the raw PSK.
    target = apdev[0]['bssid']
    dev[0].connect("", bssid=target, psk=secret,
                   scan_freq="2412")
    dev[1].connect("", bssid=apdev[0]['bssid'], raw_psk=raw_key, scan_freq="2412")
415
@remote_compatible
def test_ap_wpa2_gtk_rekey(dev, apdev):
    """WPA2-PSK AP and GTK rekey enforced by AP"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    # Periodic group key rotation configured on the AP.
    ap_conf['wpa_group_rekey'] = '1'
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")
    rotated = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rotated is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
429
def test_ap_wpa2_gtk_rekey_request(dev, apdev):
    """WPA2-PSK AP and GTK rekey by AP request"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")

    # Trigger the group key rotation explicitly through the AP's control
    # interface instead of waiting for a timer.
    if "OK" not in ap.request("REKEY_GTK"):
        raise Exception("REKEY_GTK failed")
    rotated = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rotated is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
443
@remote_compatible
def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    sta = dev[0]
    # Presumably skips the test on FIPS builds; see skip_with_fips() in utils.
    skip_with_fips(sta)
    network = "test-wpa-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta.connect(network, psk=secret, scan_freq="2412")
    rotated = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rotated is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
458
@remote_compatible
def test_ap_wpa2_gmk_rekey(dev, apdev):
    """WPA2-PSK AP and GMK and GTK rekey enforced by AP"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_group_rekey'] = '1'
    ap_conf['wpa_gmk_rekey'] = '2'
    ap = hostapd.add_ap(apdev[0], ap_conf)

    sta = dev[0]
    sta.connect(network, psk=secret, scan_freq="2412")

    # Three consecutive group rekeys are awaited, presumably so that at
    # least one of them happens after the GMK has been renewed.
    for _ in range(3):
        rotated = sta.wait_event(["WPA: Group rekeying completed"], timeout=2)
        if rotated is None:
            raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(sta, ap)
474
@remote_compatible
def test_ap_wpa2_strict_rekey(dev, apdev):
    """WPA2-PSK AP and strict GTK rekey enforced by AP"""
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wpa_strict_rekey'] = '1'
    ap = hostapd.add_ap(apdev[0], ap_conf)

    staying, leaving = dev[0], dev[1]
    staying.connect(network, psk=secret, scan_freq="2412")
    leaving.connect(network, psk=secret, scan_freq="2412")

    # When one station leaves, the remaining station must receive a new
    # group key, so that the departed station no longer holds the current one.
    leaving.request("DISCONNECT")
    rotated = staying.wait_event(["WPA: Group rekeying completed"], timeout=2)
    if rotated is None:
        raise Exception("GTK rekey timed out")
    hwsim_utils.test_connectivity(staying, ap)
490
@remote_compatible
def test_ap_wpa2_bridge_fdb(dev, apdev):
    """Bridge FDB entry removal"""
    bridge = 'ap-br0'
    ap = None
    try:
        network = "test-wpa2-psk"
        secret = "12345678"
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = 'ap-br0'
        ap = hostapd.add_ap(apdev[0], ap_conf)
        ap.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
        ap.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])

        target = apdev[0]['bssid']
        dev[0].connect(network, psk=secret, scan_freq="2412",
                       bssid=target)
        dev[1].connect(network, psk=secret, scan_freq="2412",
                       bssid=apdev[0]['bssid'])
        first_addr = dev[0].p2p_interface_addr()
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])

        # Snapshot of the forwarding database while both stations are
        # associated.
        err, macs_connected = ap.cmd_execute(['brctl', 'showmacs', 'ap-br0'])

        # Shorten the ageing time, disconnect both stations and take a
        # second snapshot one second later.
        ap.cmd_execute(['brctl', 'setageing', 'ap-br0', '1'])
        dev[0].request("DISCONNECT")
        dev[1].request("DISCONNECT")
        time.sleep(1)
        err, macs_after = ap.cmd_execute(['brctl', 'showmacs', 'ap-br0'])

        second_addr = dev[1].p2p_interface_addr()
        if not (first_addr in macs_connected and second_addr in macs_connected):
            raise Exception("Bridge FDB entry missing")
        # Entries of departed stations must not linger in the bridge.
        if first_addr in macs_after or second_addr in macs_after:
            raise Exception("Bridge FDB entry was not removed")
    finally:
        # Tear the bridge down even when the test failed part-way.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'down'])
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0'])
525
@remote_compatible
def test_ap_wpa2_already_in_bridge(dev, apdev):
    """hostapd behavior with interface already in bridge"""
    host = apdev[0]
    ifname = host['ifname']
    br_ifname = 'ext-ap-br0'
    network = "test-wpa2-psk"
    secret = "12345678"
    try:
        # Create the bridge and enslave the (AP-mode) interface before
        # hostapd is started on it.
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['iw', ifname, 'set', 'type', '__ap'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for argv in setup_cmds:
            hostapd.cmd_execute(host, argv)

        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(host, ap_conf)
        # hostapd has to detect the bridge it was not told about.
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
        dev[0].connect(network, psk=secret, scan_freq="2412")
    finally:
        # Undo the interface and bridge changes regardless of the outcome.
        teardown_cmds = [
            ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
            ['brctl', 'delif', br_ifname, ifname],
            ['iw', ifname, 'set', 'type', 'station'],
            ['brctl', 'delbr', br_ifname],
        ]
        for argv in teardown_cmds:
            hostapd.cmd_execute(host, argv)
551
@remote_compatible
def test_ap_wpa2_in_different_bridge(dev, apdev):
    """hostapd behavior with interface in different bridge"""
    host = apdev[0]
    ifname = host['ifname']
    br_ifname = 'ext-ap-br0'
    network = "test-wpa2-psk"
    secret = "12345678"
    try:
        # Put the interface into an externally created bridge first.
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['iw', ifname, 'set', 'type', '__ap'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for argv in setup_cmds:
            hostapd.cmd_execute(host, argv)
        time.sleep(0.5)

        # Then start hostapd configured for a different bridge.
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(host, ap_conf)
        hostapd.cmd_execute(host, ['brctl', 'setfd', 'ap-br0', '0'])
        hostapd.cmd_execute(host, ['ip', 'link', 'set', 'dev', 'ap-br0',
                                   'up'])

        reported_bridge = hapd.get_driver_status_field('brname')
        if reported_bridge != 'ap-br0':
            raise Exception("Incorrect bridge: " + reported_bridge)
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")

        # hostapd must record that it created the bridge and moved the
        # interface into it itself.
        if hapd.get_driver_status_field("added_bridge") != "1":
            raise Exception("Unexpected added_bridge value")
        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
            raise Exception("Unexpected added_if_into_bridge value")
        dev[0].request("DISCONNECT")
        hapd.disable()
    finally:
        hostapd.cmd_execute(host, ['ip', 'link', 'set', 'dev', br_ifname,
                                   'down'])
        # NOTE(review): this is the only command here run with shell=True,
        # so that the "2> /dev/null" redirection is interpreted by a shell.
        # ifname comes from the test-bed configuration and ends up in that
        # shell command line; confirm how cmd_execute() builds the command
        # and that interface names cannot carry shell metacharacters.
        hostapd.cmd_execute(host, ['brctl', 'delif', br_ifname, ifname,
                                   "2>", "/dev/null"], shell=True)
        hostapd.cmd_execute(host, ['brctl', 'delbr', br_ifname])
590
@remote_compatible
def test_ap_wpa2_ext_add_to_bridge(dev, apdev):
    """hostapd behavior with interface added to bridge externally"""
    host = apdev[0]
    ifname = host['ifname']
    br_ifname = 'ext-ap-br0'
    network = "test-wpa2-psk"
    secret = "12345678"
    try:
        # Start the AP first ...
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        hapd = hostapd.add_ap(host, ap_conf)

        # ... and only then move its interface into a bridge from outside.
        setup_cmds = [
            ['brctl', 'addbr', br_ifname],
            ['brctl', 'setfd', br_ifname, '0'],
            ['ip', 'link', 'set', 'dev', br_ifname, 'up'],
            ['brctl', 'addif', br_ifname, ifname],
        ]
        for argv in setup_cmds:
            hostapd.cmd_execute(host, argv)

        dev[0].connect(network, psk=secret, scan_freq="2412")
        # hostapd has to notice the bridge membership that was added later.
        if hapd.get_driver_status_field('brname') != br_ifname:
            raise Exception("Bridge name not identified correctly")
    finally:
        teardown_cmds = [
            ['ip', 'link', 'set', 'dev', br_ifname, 'down'],
            ['brctl', 'delif', br_ifname, ifname],
            ['brctl', 'delbr', br_ifname],
        ]
        for argv in teardown_cmds:
            hostapd.cmd_execute(host, argv)
615
def test_ap_wpa2_psk_ext(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O"""
    ap_bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # With ext_eapol_frame_io set, both sides report outgoing EAPOL frames
    # as EAPOL-TX events and accept incoming ones through EAPOL_RX, so the
    # test itself relays every handshake frame.
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = sta.p2p_interface_addr()

    while True:
        # AP -> station
        ap_event = hapd.wait_event(["EAPOL-TX", "AP-STA-CONNECTED"], timeout=15)
        if ap_event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        if "AP-STA-CONNECTED" in ap_event:
            sta.wait_connected(timeout=15)
            break
        # The frame is the third space-separated field of the event.
        frame = ap_event.split(' ')[2]
        reply = sta.request("EAPOL_RX " + ap_bssid + " " + frame)
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

        # station -> AP
        sta_event = sta.wait_event(["EAPOL-TX", "CTRL-EVENT-CONNECTED"], timeout=15)
        if sta_event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        if "CTRL-EVENT-CONNECTED" in sta_event:
            break
        frame = sta_event.split(' ')[2]
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + frame)
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")
647
def test_ap_wpa2_psk_ext_retry_msg_3(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4"""
    ap_bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = sta.p2p_interface_addr()

    def next_from_ap():
        # Next EAPOL frame event emitted by hostapd.
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def next_from_sta():
        # Next EAPOL frame event emitted by wpa_supplicant.
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def deliver_to_sta(event):
        # Hand the frame carried by an AP event to the station.
        reply = sta.request("EAPOL_RX " + ap_bssid + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(event):
        # Hand the frame carried by a station event to the AP.
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(next_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 4/4 is produced by the station but withheld from the
    # AP, which makes the AP retransmit msg 3/4.
    next_from_sta()
    sta.wait_connected(timeout=15)

    # EAPOL-Key msg 3/4 (retry): the station has to cope with receiving it
    # after it already considers itself connected.
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 4/4, this time delivered.
    deliver_to_ap(next_from_sta())

    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Data must flow after the retried handshake.
    hwsim_utils.test_connectivity(sta, hapd)
714
def test_ap_wpa2_psk_ext_retry_msg_3b(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (b)"""
    ap_bssid = apdev[0]['bssid']
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    raw_key = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['wpa_psk'] = raw_key
    hapd = hostapd.add_ap(apdev[0], ap_conf)
    hapd.request("SET ext_eapol_frame_io 1")
    sta = dev[0]
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(network, psk=secret, scan_freq="2412", wait_connect=False)
    sta_addr = sta.p2p_interface_addr()

    def next_from_ap():
        # Next EAPOL frame event emitted by hostapd.
        event = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return event

    def next_from_sta():
        # Next EAPOL frame event emitted by wpa_supplicant.
        event = sta.wait_event(["EAPOL-TX"], timeout=15)
        if event is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return event

    def deliver_to_sta(event):
        # Hand the frame carried by an AP event to the station.
        reply = sta.request("EAPOL_RX " + ap_bssid + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(event):
        # Hand the frame carried by a station event to the AP.
        reply = hapd.request("EAPOL_RX " + sta_addr + " " + event.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4
    deliver_to_sta(next_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(next_from_sta())

    # EAPOL-Key msg 3/4: hold the first copy back until the AP has also
    # sent its retransmission.
    first_msg3 = next_from_ap()

    # EAPOL-Key msg 3/4 (retry)
    second_msg3 = next_from_ap()

    # Deliver the first msg 3/4 and complete the handshake normally.
    deliver_to_sta(first_msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(next_from_sta())
    sta.wait_connected(timeout=15)
    connected = hapd.wait_event(["AP-STA-CONNECTED"], timeout=15)
    if connected is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)

    # Now deliver the delayed second msg 3/4 to the already connected
    # station. Its msg 4/4 answer is awaited but never passed to the AP.
    deliver_to_sta(second_msg3)
    next_from_sta()

    # The data path must keep working after the late retransmission was
    # processed.
    hwsim_utils.test_connectivity(sta, hapd)
789
def test_ap_wpa2_psk_ext_retry_msg_3c(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (c)"""
    # Supplicant regression scenario: after the STA has completed the 4-way
    # handshake, it receives a forged (MIC-less) msg 1/4 carrying a newer
    # Replay Counter, followed by the AP's retransmitted msg 3/4. Every EAPOL
    # frame is relayed by hand (ext_eapol_frame_io), so the test decides what
    # reaches which side and in which order.
    # NOTE(review): this function only checks that the exchange completes and
    # that data still flows; it does not itself assert anything about the
    # STA's installed key state. Such a check would have to live elsewhere
    # (not visible here).
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex string of the next EAPOL frame hostapd wants to transmit.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex string of the next EAPOL frame wpa_supplicant wants to transmit.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def deliver_to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept: a modified copy is injected further down)
    msg1 = frame_from_ap()
    deliver_to_sta(msg1)

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: consumed here but withheld from hostapd so that the
    # AP retransmits msg 3/4
    frame_from_sta()

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry)
    msg3 = frame_from_ap()

    # Forged msg 1/4: the original msg 1/4 with hex chars 18..33 (the 8-octet
    # Replay Counter field) copied from the retransmitted msg 3/4.
    # A variant that also overwrites the nonce field,
    #   msg1[0:18] + msg3[18:34] + 32*"ff" + msg1[98:]
    # results in "WPA: ANonce from message 1 of 4-Way Handshake differs from
    # 3 of 4-Way Handshake - drop packet" when wpa_supplicant processes
    # msg 3/4 afterwards; it is left out of this test.
    forged_msg1 = msg1[:18] + msg3[18:34] + msg1[34:]
    deliver_to_sta(forged_msg1)

    # EAPOL-Key msg 2/4 in reply to the forged frame (short wait)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # That msg 2/4 is not passed on to hostapd.

    # Send previously received msg 3/4 to STA
    deliver_to_sta(msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
881
def test_ap_wpa2_psk_ext_retry_msg_3d(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (d)"""
    # Same setup as a forged-msg-1/4 scenario, but the msg 3/4 delivered after
    # the forged frame is a fresh retransmission from hostapd (so it carries
    # the Replay Counter value the AP currently expects) rather than the one
    # captured before the forgery.
    # NOTE(review): success is judged only by handshake completion and data
    # connectivity; nothing in this function inspects the STA's key state.
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex string of the next EAPOL frame hostapd wants to transmit.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex string of the next EAPOL frame wpa_supplicant wants to transmit.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def deliver_to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept: a modified copy is injected further down)
    msg1 = frame_from_ap()
    deliver_to_sta(msg1)

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: consumed here but withheld from hostapd so that the
    # AP retransmits msg 3/4
    frame_from_sta()

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry); only its Replay Counter is used below
    msg3 = frame_from_ap()

    # Forged msg 1/4: original msg 1/4 with hex chars 18..33 (the 8-octet
    # Replay Counter field) copied from the retransmitted msg 3/4
    forged_msg1 = msg1[:18] + msg3[18:34] + msg1[34:]
    deliver_to_sta(forged_msg1)

    # EAPOL-Key msg 2/4 in reply to the forged frame (short wait)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # That msg 2/4 is not passed on to hostapd.

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = frame_from_ap()

    # Send msg 3/4 to STA
    deliver_to_sta(msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
976
def test_ap_wpa2_psk_ext_retry_msg_3e(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and retry for EAPOL-Key msg 3/4 (e)"""
    # Two forged msg 1/4 frames are injected after the STA has completed the
    # handshake: the first replaces the nonce field with 0xff octets, the
    # second restores the ANonce the AP really used. A fresh msg 3/4
    # retransmission from hostapd is then delivered.
    # NOTE(review): success is judged only by handshake completion and data
    # connectivity; nothing in this function inspects the STA's key state.
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def frame_from_ap():
        # Hex string of the next EAPOL frame hostapd wants to transmit.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx.split(' ')[2]

    def frame_from_sta():
        # Hex string of the next EAPOL frame wpa_supplicant wants to transmit.
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def deliver_to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 1/4 (kept: modified copies are injected further down)
    msg1 = frame_from_ap()
    deliver_to_sta(msg1)

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: consumed here but withheld from hostapd so that the
    # AP retransmits msg 3/4
    frame_from_sta()

    # STA believes everything is ready
    sta.wait_connected()

    # EAPOL-Key msg 3/4 (retry); only its Replay Counter is used below
    msg3 = frame_from_ap()
    replay_counter = msg3[18:34]

    # Forged msg 1/4 #1: newer Replay Counter, and hex chars 34..97 (the
    # 32-octet nonce field) overwritten with 0xff octets
    deliver_to_sta(msg1[:18] + replay_counter + 32 * "ff" + msg1[98:])
    # EAPOL-Key msg 2/4: here a reply is required (short wait)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
    # That msg 2/4 is not passed on to hostapd.

    # Forged msg 1/4 #2: same Replay Counter, back to the previously used
    # ANonce
    deliver_to_sta(msg1[:18] + replay_counter + msg1[34:])
    # EAPOL-Key msg 2/4 (short wait)
    if sta.wait_event(["EAPOL-TX"], timeout=1) is None:
        # wpa_supplicant seems to have ignored the forged message. This means
        # the attack would fail.
        logger.info("wpa_supplicant ignored forged EAPOL-Key msg 1/4")
        return
    # That msg 2/4 is not passed on to hostapd.

    # EAPOL-Key msg 3/4 (retry 2)
    # New one needed to get the correct Replay Counter value
    msg3 = frame_from_ap()

    # Send msg 3/4 to STA
    deliver_to_sta(msg3)

    # EAPOL-Key msg 4/4
    deliver_to_ap(frame_from_sta())

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    hwsim_utils.test_connectivity(sta, hapd)
1082
def test_ap_wpa2_psk_ext_delayed_ptk_rekey(dev, apdev):
    """WPA2-PSK AP using external EAPOL I/O and delayed PTK rekey exchange"""
    # Authenticator-side replay check: frames that the STA produced during the
    # initial 4-way handshake (a withheld msg 2/4 and a withheld second
    # msg 4/4) are fed to hostapd once PTK rekeying has started. hostapd is
    # expected to ignore them because of their Replay Counter and to keep
    # retransmitting msg 1/4 of the rekey handshake.
    sta = dev[0]
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    # Short PTK rekey interval so the rekey handshake starts during the test
    # (unit presumably seconds - confirm against hostapd.conf documentation)
    ap_params['wpa_ptk_rekey'] = '3'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.p2p_interface_addr()

    def ap_tx_event():
        # Raw EAPOL-TX event line from hostapd.
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        return tx

    def frame_from_ap():
        return ap_tx_event().split(' ')[2]

    def frame_from_sta():
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx.split(' ')[2]

    def deliver_to_sta(frame):
        if "OK" not in sta.request("EAPOL_RX " + bssid + " " + frame):
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def deliver_to_ap(frame):
        if "OK" not in hapd.request("EAPOL_RX " + addr + " " + frame):
            raise Exception("EAPOL_RX to hostapd failed")

    def require_msg1(tx):
        # Hex chars 10..13 of the frame are the 2-octet Key Information
        # field; 008a is the value expected for msg 1/4 here.
        keyinfo = tx.split(' ')[2][10:14]
        if keyinfo != "008a":
            raise Exception("Unexpected key info when expected msg 1/4:" + keyinfo)

    # EAPOL-Key msg 1/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4: held back, replayed to the AP during rekeying
    msg2 = frame_from_sta()

    # EAPOL-Key msg 1/4 (retry)
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 2/4
    deliver_to_ap(frame_from_sta())

    # EAPOL-Key msg 3/4
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4: held back for now
    msg4 = frame_from_sta()

    # EAPOL-Key msg 3/4 (retry)
    deliver_to_sta(frame_from_ap())

    # EAPOL-Key msg 4/4 for the retry: held back, replayed during rekeying
    msg4b = frame_from_sta()

    # Send the previous EAPOL-Key msg 4/4 to AP
    deliver_to_ap(msg4)

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    # Wait for PTK rekeying to be initialized
    # EAPOL-Key msg 1/4
    ap_tx_event()

    # EAPOL-Key msg 2/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    deliver_to_ap(msg2)

    # EAPOL-Key msg 3/4 (actually, this ends up being retransmitted 1/4)
    require_msg1(ap_tx_event())

    # EAPOL-Key msg 4/4 from the previous 4-way handshake
    # hostapd is expected to ignore this due to unexpected Replay Counter
    deliver_to_ap(msg4b)

    # Check if any more EAPOL-Key frames are seen. If the second 4-way handshake
    # was accepted, there would be no more EAPOL-Key frames. If the Replay
    # Counters were rejected, there would be a retransmitted msg 1/4 here.
    last_tx = hapd.wait_event(["EAPOL-TX"], timeout=1)
    if last_tx is None:
        raise Exception("Did not see EAPOL-TX from hostapd in the end (expected msg 1/4)")
    require_msg1(last_tx)
1203
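def parse_eapol(data):
    """Parse a raw EAPOL frame (bytes) into a dict of its fields.

    Always returns 'version', 'type', 'length' and 'payload' (payload cut to
    the length given in the header). For EAPOL-Key frames (type 3) the
    descriptor type is added as 'descr_type', and for descriptor types 2 and
    254 the fixed key descriptor fields are added under 'rsn_*' keys.

    The Key Data Length field is reported as-is; 'rsn_key_data' is whatever
    follows it and is not checked against that length.

    Raises Exception if the frame is shorter than its headers claim.
    """
    # Reject truncated input explicitly instead of surfacing a struct.error
    # from the unpack calls below.
    if len(data) < 4:
        raise Exception("Too short EAPOL frame")
    version, frame_type, length = struct.unpack('>BBH', data[0:4])
    payload = data[4:]
    if length > len(payload):
        raise Exception("Invalid EAPOL length")
    # Drop anything beyond the length stated in the header
    payload = payload[0:length]
    eapol = {
        'version': version,
        'type': frame_type,
        'length': length,
        'payload': payload,
    }
    if frame_type != 3:
        return eapol

    # EAPOL-Key
    if len(payload) < 1:
        raise Exception("Too short EAPOL-Key frame")
    (eapol['descr_type'],) = struct.unpack('B', payload[0:1])
    payload = payload[1:]
    if eapol['descr_type'] in (2, 254):
        # RSN EAPOL-Key: 92 octets of fixed fields plus the 2-octet
        # Key Data Length
        if len(payload) < 94:
            raise Exception("Too short RSN EAPOL-Key frame")
        (key_info, key_len) = struct.unpack('>HH', payload[0:4])
        eapol['rsn_key_info'] = key_info
        eapol['rsn_key_len'] = key_len
        eapol['rsn_replay_counter'] = payload[4:12]
        eapol['rsn_key_nonce'] = payload[12:44]
        eapol['rsn_key_iv'] = payload[44:60]
        eapol['rsn_key_rsc'] = payload[60:68]
        eapol['rsn_key_id'] = payload[68:76]
        eapol['rsn_key_mic'] = payload[76:92]
        (eapol['rsn_key_data_len'],) = struct.unpack('>H', payload[92:94])
        eapol['rsn_key_data'] = payload[94:]
    return eapol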
1236
def build_eapol(msg):
    """Serialize a frame dict (in the layout parse_eapol produces) to bytes.

    The EAPOL length and the Key Data Length are written exactly as stored in
    the dict; they are not recomputed from the data, so a caller can emit
    frames whose length fields disagree with their contents.
    """
    header = struct.pack(">BBH", msg['version'], msg['type'], msg['length'])
    if msg['type'] != 3:
        # Anything but EAPOL-Key: opaque payload after the header
        return header + msg['payload']
    return b''.join([
        header,
        struct.pack('>BHH', msg['descr_type'], msg['rsn_key_info'],
                    msg['rsn_key_len']),
        msg['rsn_replay_counter'],
        msg['rsn_key_nonce'],
        msg['rsn_key_iv'],
        msg['rsn_key_rsc'],
        msg['rsn_key_id'],
        msg['rsn_key_mic'],
        struct.pack('>H', msg['rsn_key_data_len']),
        msg['rsn_key_data'],
    ])
1253
def sha1_prf(key, label, data, outlen):
    """Return *outlen* octets of HMAC-SHA1 based key expansion.

    Each block is HMAC-SHA1(key, label || 0x00 || data || counter) with a
    one-octet counter starting at 0; blocks are concatenated and the result
    is cut to *outlen*. *label* is a str, *key* and *data* are bytes.
    """
    blocks = []
    remaining = outlen
    counter = 0
    while remaining > 0:
        mac = hmac.new(key, label.encode(), hashlib.sha1)
        mac.update(struct.pack('B', 0))
        mac.update(data)
        mac.update(struct.pack('B', counter))
        counter += 1
        # The last block is cut so that the total is exactly outlen
        chunk = mac.digest()[:remaining]
        blocks.append(chunk)
        remaining -= len(chunk)
    return b''.join(blocks)
1271
def pmk_to_ptk(pmk, addr1, addr2, nonce1, nonce2):
    """Derive 48 octets of pairwise key material from the PMK.

    The PRF input is min(addr) || max(addr) || min(nonce) || max(nonce).
    Addresses are colon-separated hex strings and are ordered by plain string
    comparison (assumes both use the same letter case - confirm with
    callers); nonces are bytes.

    Returns (ptk, kck, kek) where kck is octets 0..15 and kek octets 16..31
    of the 48-octet output.
    """
    first, second = (addr1, addr2) if addr1 < addr2 else (addr2, addr1)
    seed = (binascii.unhexlify(first.replace(':', '')) +
            binascii.unhexlify(second.replace(':', '')))
    seed += nonce1 + nonce2 if nonce1 < nonce2 else nonce2 + nonce1
    ptk = sha1_prf(pmk, "Pairwise key expansion", seed, 48)
    return (ptk, ptk[0:16], ptk[16:32])
1286
def eapol_key_mic(kck, msg):
    """Compute the Key MIC for *msg* and store it in msg['rsn_key_mic'].

    The MIC is the first 16 octets of HMAC-SHA1 over the serialized frame
    with the MIC field zeroed. *msg* is modified in place; nothing is
    returned.
    """
    # The MIC field must be all zeros while the MIC is being calculated
    msg['rsn_key_mic'] = bytes(16)
    frame = build_eapol(msg)
    msg['rsn_key_mic'] = hmac.new(kck, frame, hashlib.sha1).digest()[:16]
1292
def rsn_eapol_key_set(msg, key_info, key_len, nonce, data):
    """Fill in the caller-controlled EAPOL-Key fields of *msg* in place.

    A falsy *nonce* becomes 32 zero octets and a falsy *data* becomes empty
    Key Data. The EAPOL length is set to 95 (the fixed part of the key
    descriptor) plus the Key Data length. The MIC is not touched.
    """
    msg['rsn_key_info'] = key_info
    msg['rsn_key_len'] = key_len
    msg['rsn_key_nonce'] = nonce if nonce else bytes(32)
    key_data = data if data else b''
    msg['rsn_key_data_len'] = len(key_data)
    msg['rsn_key_data'] = key_data
    msg['length'] = 95 + len(key_data)
1308
def recv_eapol(hapd):
    """Wait for the next EAPOL-TX event on *hapd* and return it parsed.

    The third space-separated token of the event is taken as the hex dump of
    the frame. The timeout message names hostapd regardless of which control
    interface object was passed in.
    """
    tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
    if tx is None:
        raise Exception("Timeout on EAPOL-TX from hostapd")
    frame_hex = tx.split(' ')[2]
    return parse_eapol(binascii.unhexlify(frame_hex))
1315
def send_eapol(hapd, addr, data):
    """Inject the EAPOL frame *data* (bytes) into *hapd* as sent by *addr*.

    Only the control interface reply is checked: "OK" means the frame was
    handed over, not that the receiver accepted its contents.
    """
    frame_hex = binascii.hexlify(data).decode()
    reply = hapd.request("EAPOL_RX " + addr + " " + frame_hex)
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")
1320
def reply_eapol(info, hapd, addr, msg, key_info, nonce, data, kck):
    """Turn *msg* into a supplicant reply, add a MIC with *kck* and send it.

    *msg* is reused and modified in place, so fields not set here (for
    example the Replay Counter) stay as they were in the frame it came from.
    Key Length is always set to 0. *info* is only used in the log line.
    """
    logger.info("Send EAPOL-Key msg " + info)
    rsn_eapol_key_set(msg, key_info, 0, nonce, data)
    eapol_key_mic(kck, msg)
    frame = build_eapol(msg)
    send_eapol(hapd, addr, frame)
1326
def hapd_connected(hapd):
    """Raise unless hostapd reports AP-STA-CONNECTED within 15 seconds."""
    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")
1331
def eapol_test(apdev, dev, wpa2=True):
    """Start an AP and a station with external EAPOL frame I/O on both.

    The station begins connecting without waiting for completion; the
    EAPOL-Key frames towards the AP are then produced by the calling test.

    Returns (bssid, ssid, hapd, snonce, pmk, addr, rsne): rsne is the fixed
    RSN element (or the WPA element when wpa2 is False) to place in
    msg 2/4, snonce a fixed 32-octet test nonce, pmk the PSK as bytes.
    """
    bssid = apdev['bssid']
    ssid = "test-wpa2-psk" if wpa2 else "test-wpa-psk"
    # Fixed test key; with a raw PSK the PMK is the PSK itself
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    pmk = binascii.unhexlify(psk)
    make_params = hostapd.wpa2_params if wpa2 else hostapd.wpa_params
    params = make_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev, params)
    hapd.request("SET ext_eapol_frame_io 1")
    dev.request("SET ext_eapol_frame_io 1")
    dev.connect(ssid, raw_psk=psk, scan_freq="2412", wait_connect=False)
    addr = dev.p2p_interface_addr()
    if wpa2:
        ie_hex = '30140100000fac040100000fac040100000fac020000'
    else:
        ie_hex = 'dd160050f20101000050f20201000050f20201000050f202'
    rsne = binascii.unhexlify(ie_hex)
    snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111')
    return (bssid, ssid, hapd, snonce, pmk, addr, rsne)
1356
@remote_compatible
def test_ap_wpa2_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
    # The test plays the supplicant towards hostapd. Besides the valid
    # msg 2/4 and 4/4 it feeds the AP its own frames back and a msg 2/4 with
    # a too-short length; the handshake is still expected to complete with
    # an unchanged ANonce.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # msg 1/4 carries the ANonce
    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.info("Truncated Key Data in EAPOL-Key msg 2/4")
    rsn_eapol_key_set(frame, 0x0101, 0, snonce, rsne)
    # EAPOL length one octet short of fixed part (95) + 22 octets of Key Data
    frame['length'] = 95 + 22 - 1
    send_eapol(hapd, addr, build_eapol(frame))

    # Valid msg 2/4
    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    # Valid msg 4/4
    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1384
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # First msg 1/4 is left unanswered so that hostapd sends it again
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # msg 2/4 is built on the retransmitted frame
    reply_eapol("2/4", hapd, addr, retry, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1411
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1b(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    # Collect msg 1/4 and its retransmission before answering either
    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # One msg 2/4 per received msg 1/4, same SNonce in both
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1433
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1c(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']

    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # msg 2/4 (a): first SNonce, answering the first msg 1/4
    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # msg 2/4 (b): different SNonce, answering the retransmitted msg 1/4.
    # kck is replaced, so msg 4/4 below is protected with the newer key.
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1457
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_retry1d(dev, apdev):
    """WPA2 4-way handshake with EAPOL-Key 1/4 and 2/4 retransmitted and SNonce changing and older used"""
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    first = recv_eapol(hapd)
    anonce = first['rsn_key_nonce']
    retry = recv_eapol(hapd)
    if retry['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # msg 2/4 (a): first SNonce, answering the first msg 1/4
    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    reply_eapol("2/4 (a)", hapd, addr, first, 0x010a, snonce, rsne, kck)

    # msg 2/4 (b): different SNonce with its own KCK, answering the
    # retransmitted msg 1/4
    snonce2 = binascii.unhexlify('2222222222222222222222222222222222222222222222222222222222222222')
    _ptk2, kck2, _kek2 = pmk_to_ptk(pmk, addr, bssid, snonce2, anonce)
    reply_eapol("2/4 (b)", hapd, addr, retry, 0x010a, snonce2, rsne, kck2)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    # msg 4/4 carries a MIC from the KCK of the first (older) SNonce; the AP
    # is still expected to report the station as connected
    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1481
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
    """WPA2 4-way handshake using external EAPOL supplicant"""
    # Sends msg 2/4 with two descriptor type values that do not match the
    # value 2 used for RSN frames elsewhere in this file.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # 253: incorrect descriptor type (frame dropped)
    # 254: incorrect descriptor type, but with a workaround (frame processed)
    for descr_type in (253, 254):
        frame['descr_type'] = descr_type
        rsn_eapol_key_set(frame, 0x010a, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1512
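@remote_compatible
def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA-PSK AP using external EAPOL supplicant"""
    # The AP is set up with wpa2=False, so this is the WPA (not WPA2) variant;
    # the description above was corrected to say so.
    # The test plays the supplicant towards hostapd and mixes invalid frames
    # (the AP's own frames echoed back, a frame cut to 98 octets, a msg 2/4
    # with descriptor type 2) with the valid msg 2/4 and 4/4. The handshake
    # is expected to complete with an unchanged ANonce.
    (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
                                                              wpa2=False)

    # msg 1/4 carries the ANonce
    msg = recv_eapol(hapd)
    anonce = msg['rsn_key_nonce']
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))
    logger.info("Too short data")
    send_eapol(hapd, addr, build_eapol(msg)[0:98])

    (ptk, kck, kek) = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)
    # Descriptor type 2 is the wrong one for this WPA handshake
    msg['descr_type'] = 2
    reply_eapol("2/4(invalid type)", hapd, addr, msg, 0x010a, snonce, wpae, kck)
    # Descriptor type 254 is the one the valid msg 2/4 uses here
    msg['descr_type'] = 254
    reply_eapol("2/4", hapd, addr, msg, 0x010a, snonce, wpae, kck)

    # msg 3/4
    msg = recv_eapol(hapd)
    if anonce != msg['rsn_key_nonce']:
        raise Exception("ANonce changed")
    logger.info("Replay same data back")
    send_eapol(hapd, addr, build_eapol(msg))

    reply_eapol("4/4", hapd, addr, msg, 0x030a, None, None, kck)
    hapd_connected(hapd)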
1540
@remote_compatible
def test_ap_wpa2_psk_ext_eapol_key_info(dev, apdev):
    """WPA2-PSK 4-way handshake with strange key info values"""
    # Frames with unexpected Key Information values are injected before and
    # in the middle of an otherwise valid handshake; the handshake is
    # expected to complete regardless.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])

    frame = recv_eapol(hapd)
    anonce = frame['rsn_key_nonce']

    _ptk, kck, _kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # Sent without recalculating the MIC:
    # 0x0000, 0xffff, 0x2802 (SMK M1), 0x2002 (SMK M3), 0x0902 (Request)
    for key_info in (0x0000, 0xffff, 0x2802, 0x2002, 0x0902):
        rsn_eapol_key_set(frame, key_info, 0, snonce, rsne)
        send_eapol(hapd, addr, build_eapol(frame))

    # Request with a MIC calculated from an all-zero KCK
    rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
    zero_kck = binascii.unhexlify('00000000000000000000000000000000')
    eapol_key_mic(zero_kck, frame)
    send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("2/4", hapd, addr, frame, 0x010a, snonce, rsne, kck)

    # msg 3/4
    frame = recv_eapol(hapd)
    if frame['rsn_key_nonce'] != anonce:
        raise Exception("ANonce changed")

    # Request (valid MIC), then the same Request again (valid MIC, replayed
    # counter)
    for _ in range(2):
        rsn_eapol_key_set(frame, 0x0902, 0, snonce, rsne)
        eapol_key_mic(kck, frame)
        send_eapol(hapd, addr, build_eapol(frame))

    reply_eapol("4/4", hapd, addr, frame, 0x030a, None, None, kck)
    hapd_connected(hapd)
1586
def build_eapol_key_1_4(anonce, replay_counter=1, key_data=b'', key_len=16):
    """Return a frame dict for an EAPOL-Key msg 1/4 (key info 0x8a).

    The MIC, IV, RSC and key ID fields are all zeros. The EAPOL length is
    the 95-octet fixed part plus the Key Data; *replay_counter* is encoded
    as a 64-bit big-endian value.
    """
    return {
        'version': 2,
        'type': 3,
        'length': 95 + len(key_data),
        'descr_type': 2,
        'rsn_key_info': 0x8a,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': bytes(16),
        'rsn_key_rsc': bytes(8),
        'rsn_key_id': bytes(8),
        'rsn_key_mic': bytes(16),
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
1605
def build_eapol_key_3_4(anonce, kck, key_data, replay_counter=2,
                        key_info=0x13ca, extra_len=0, descr_type=2, key_len=16):
    """Return a frame dict for an EAPOL-Key msg 3/4 with a MIC from *kck*.

    *key_data* is stored as given; any encryption of it is up to the caller.
    *extra_len* is added to the EAPOL length only, so a non-zero value makes
    the header claim more octets than the frame contains. IV, RSC and key ID
    are all zeros.
    """
    msg = {
        'version': 2,
        'type': 3,
        'length': 95 + len(key_data) + extra_len,
        'descr_type': descr_type,
        'rsn_key_info': key_info,
        'rsn_key_len': key_len,
        'rsn_replay_counter': struct.pack('>Q', replay_counter),
        'rsn_key_nonce': anonce,
        'rsn_key_iv': bytes(16),
        'rsn_key_rsc': bytes(8),
        'rsn_key_id': bytes(8),
        'rsn_key_data_len': len(key_data),
        'rsn_key_data': key_data,
    }
    # Adds 'rsn_key_mic' over the finished frame
    eapol_key_mic(kck, msg)
    return msg
1625
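def aes_wrap(kek, plain):
    """Wrap *plain* under *kek* with the AES Key Wrap algorithm (RFC 3394).

    *plain* is processed in 8-octet blocks; octets beyond the last full
    block are silently ignored, so callers should pad first (see
    pad_key_data). Returns 8 + 8 * (len(plain) // 8) octets.
    """
    n = len(plain) // 8
    # Default initial value from the key wrap specification
    a = 0xa6a6a6a6a6a6a6a6
    # Key wrap needs the bare block cipher. Name ECB explicitly: PyCrypto
    # used it as the default, while PyCryptodome requires the mode argument.
    enc = AES.new(kek, AES.MODE_ECB).encrypt
    r = [plain[i * 8:(i + 1) * 8] for i in range(n)]
    for j in range(6):
        for i in range(1, n + 1):
            b = enc(struct.pack('>Q', a) + r[i - 1])
            # XOR the step counter t = n * j + i into the integrity register
            a = struct.unpack('>Q', b[:8])[0] ^ (n * j + i)
            r[i - 1] = b[8:]
    return struct.pack('>Q', a) + b''.join(r)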
1637
def pad_key_data(plain):
    """Pad Key Data to a multiple of 8 octets.

    Input that is already aligned is returned unchanged; otherwise one 0xdd
    octet is appended, followed by as many zero octets as needed.
    """
    shortfall = -len(plain) % 8
    if shortfall:
        plain += b'\xdd' + (shortfall - 1) * b'\x00'
    return plain
1646
def test_ap_wpa2_psk_supp_proto(dev, apdev):
    """WPA2-PSK 4-way handshake protocol testing for supplicant"""
    # The test script takes over the authenticator role and feeds the
    # supplicant a series of malformed EAPOL-Key msg 3/4 frames. Each frame
    # carries a valid MIC (built with the real KCK), so what is exercised is
    # the supplicant's validation of the individual header fields and of the
    # wrapped Key Data, observed through its debug events.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    def send_key_frame(key_data, **fields):
        # Build one EAPOL-Key frame with the negotiated ANonce/KCK and send it
        frame = build_eapol_key_3_4(anonce, kck, key_data, **fields)
        send_eapol(sta, bssid, build_eapol(frame))

    def require_event(event, failure):
        # Fail the test unless the supplicant reports the given debug event
        if sta.wait_event([event]) is None:
            raise Exception(failure)

    # Key Data lengths that cannot be valid AES key wrap output
    for bad_data in (b'', b'1', b'123456789'):
        bad_len = len(bad_data)
        logger.debug("Invalid AES wrap data length %d" % bad_len)
        sta.dump_monitor()
        send_key_frame(bad_data, replay_counter=counter)
        counter += 1
        require_event("WPA: Unsupported AES-WRAP len %d" % bad_len,
                      "Unsupported AES-WRAP len %d not reported" % bad_len)

    logger.debug("Invalid AES wrap data payload")
    sta.dump_monitor()
    send_key_frame(b'12345678', replay_counter=counter)
    # counter is deliberately left unchanged so that the next frame reuses
    # the same Replay Counter value and exercises replay protection
    require_event("WPA: AES unwrap failed", "AES unwrap failure not reported")

    logger.debug("Replay Count not increasing")
    sta.dump_monitor()
    send_key_frame(b'12345678', replay_counter=counter)
    counter += 1
    require_event("WPA: EAPOL-Key Replay Counter did not increase",
                  "Replay Counter replay not reported")

    logger.debug("Missing Ack bit in key info")
    sta.dump_monitor()
    send_key_frame(b'12345678', replay_counter=counter, key_info=0x134a)
    counter += 1
    require_event("WPA: No Ack bit in key_info", "Missing Ack bit not reported")

    logger.debug("Unexpected Request bit in key info")
    sta.dump_monitor()
    send_key_frame(b'12345678', replay_counter=counter, key_info=0x1bca)
    counter += 1
    require_event("WPA: EAPOL-Key with Request bit", "Request bit not reported")

    # Key descriptor version (low three bits of key_info) sweep
    logger.debug("Unsupported key descriptor version 0")
    sta.dump_monitor()
    send_key_frame(b'0123456789abcdef', replay_counter=counter,
                   key_info=0x13c8)
    counter += 1
    require_event("WPA: Unsupported EAPOL-Key descriptor version 0",
                  "Unsupported EAPOL-Key descriptor version 0 not reported")

    logger.debug("Key descriptor version 1 not allowed with CCMP")
    sta.dump_monitor()
    send_key_frame(b'0123456789abcdef', replay_counter=counter,
                   key_info=0x13c9)
    counter += 1
    require_event("WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2",
                  "Not allowed EAPOL-Key descriptor version not reported")

    logger.debug("Invalid AES wrap payload with key descriptor version 2")
    sta.dump_monitor()
    send_key_frame(b'0123456789abcdef', replay_counter=counter,
                   key_info=0x13ca)
    counter += 1
    require_event("WPA: AES unwrap failed", "AES unwrap failure not reported")

    logger.debug("Key descriptor version 3 workaround")
    sta.dump_monitor()
    send_key_frame(b'0123456789abcdef', replay_counter=counter,
                   key_info=0x13cb)
    counter += 1
    # Three events are expected in this order; the frame must still be
    # dropped because the MIC does not verify under the workaround
    require_event("WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2",
                  "CCMP key descriptor mismatch not reported")
    require_event("WPA: Interoperability workaround",
                  "AES-128-CMAC workaround not reported")
    require_event("WPA: Invalid EAPOL-Key MIC - dropping packet",
                  "MIC failure with AES-128-CMAC workaround not reported")

    logger.debug("Unsupported key descriptor version 4")
    sta.dump_monitor()
    send_key_frame(b'0123456789abcdef', replay_counter=counter,
                   key_info=0x13cc)
    counter += 1
    require_event("WPA: Unsupported EAPOL-Key descriptor version 4",
                  "Unsupported EAPOL-Key descriptor version 4 not reported")

    logger.debug("Unsupported key descriptor version 7")
    sta.dump_monitor()
    send_key_frame(b'0123456789abcdef', replay_counter=counter,
                   key_info=0x13cf)
    counter += 1
    require_event("WPA: Unsupported EAPOL-Key descriptor version 7",
                  "Unsupported EAPOL-Key descriptor version 7 not reported")

    # EAPOL length field one octet short of what Key Data Length claims
    logger.debug("Too short EAPOL header length")
    sta.dump_monitor()
    send_key_frame(b'12345678', replay_counter=counter, extra_len=-1)
    counter += 1
    require_event("WPA: Invalid EAPOL-Key frame - key_data overflow (8 > 7)",
                  "Key data overflow not reported")

    # NOTE(review): the next three frames are only sent; no supplicant event
    # is awaited for them, so they check at most that nothing breaks later.
    logger.debug("Too long EAPOL header length")
    send_key_frame(b'12345678', replay_counter=counter, extra_len=1)
    counter += 1

    logger.debug("Unsupported descriptor type 0")
    send_key_frame(b'12345678', replay_counter=counter, descr_type=0)
    counter += 1

    # NOTE(review): the log text says "type 0" but descr_type=254 is sent
    logger.debug("WPA descriptor type 0")
    send_key_frame(b'12345678', replay_counter=counter, descr_type=254)
    counter += 1

    logger.debug("Non-zero key index for pairwise key")
    sta.dump_monitor()
    wrapped = aes_wrap(kek, 16*b'z')
    send_key_frame(wrapped, replay_counter=counter, key_info=0x13ea)
    counter += 1
    require_event("WPA: Ignored EAPOL-Key (Pairwise) with non-zero key index",
                  "Non-zero key index not reported")

    # Correctly wrapped Key Data whose plaintext is not valid: the
    # supplicant is expected to give up on the association
    logger.debug("Invalid Key Data plaintext payload --> disconnect")
    sta.dump_monitor()
    wrapped = aes_wrap(kek, 16*b'z')
    send_key_frame(wrapped, replay_counter=counter)
    counter += 1
    sta.wait_disconnected(timeout=1)
1843
def test_ap_wpa2_psk_supp_proto_no_ie(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE not included"""
    # msg 3/4 whose decrypted Key Data is 16 zero octets, i.e. carries no
    # RSNE at all; the supplicant has to disconnect instead of completing.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("No IEs in msg 3/4 --> disconnect")
    sta.dump_monitor()
    key_data = aes_wrap(kek, 16*b'\x00')
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
1870
def test_ap_wpa2_psk_supp_proto_ie_mismatch(dev, apdev):
    """WPA2-PSK supplicant protocol testing: IE mismatch"""
    # msg 3/4 carries a truncated RSNE (version and group cipher only)
    # followed by a GTK KDE; presumably this differs from the RSNE the AP
    # advertised, and the supplicant is expected to disconnect.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Msg 3/4 with mismatching IE")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30060100000fac04'                                    # short RSNE
        'dd16000fac010100dc11188831bf4aa4a8678d2b41498618')   # GTK KDE
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
1897
def test_ap_wpa2_psk_supp_proto_ok(dev, apdev):
    """WPA2-PSK supplicant protocol testing: success"""
    # Positive control for the negative tests in this file: a well-formed
    # msg 3/4 (RSNE + GTK KDE, padded and key-wrapped) must connect.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010100dc11188831bf4aa4a8678d2b41498618')   # GTK KDE
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)
1925
def test_ap_wpa2_psk_supp_proto_no_gtk(dev, apdev):
    """WPA2-PSK supplicant protocol testing: no GTK"""
    # msg 3/4 with a valid RSNE but no GTK KDE: the supplicant must not
    # report a completed connection. Note the check only waits 0.1 s.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("EAPOL-Key msg 3/4 without GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify('30140100000fac040100000fac040100000fac020c00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    connected = sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
    if connected is not None:
        raise Exception("Unexpected connection completion reported")
1955
def test_ap_wpa2_psk_supp_proto_anonce_change(dev, apdev):
    """WPA2-PSK supplicant protocol testing: ANonce change"""
    # msg 3/4 is otherwise valid (MIC and wrapped Key Data use the keys
    # derived from the msg 1/4 ANonce) but carries a different ANonce in the
    # frame; the supplicant has to notice and report the change.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    anonce2 = binascii.unhexlify(32 * '33')
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010100dc11188831bf4aa4a8678d2b41498618')   # GTK KDE
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce2, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: ANonce from message 1 of 4-Way Handshake differs from 3 of 4-Way Handshake"])
    if reported is None:
        raise Exception("ANonce change not reported")
1986
def test_ap_wpa2_psk_supp_proto_unexpected_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: unexpected group message"""
    # A group key msg 1/2 (key_info=0x13c2) is sent where msg 3/4 is due.
    # The supplicant must report the out-of-order handshake and disconnect
    # rather than accept a GTK before the 4-way handshake has completed.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Group key 1/2 instead of msg 3/4")
    sta.dump_monitor()
    # The 24-octet GTK KDE is already a multiple of 8, so no padding is used
    gtk_kde = binascii.unhexlify('dd16000fac010100dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, gtk_kde)
    group_msg = build_eapol_key_3_4(anonce, kck, key_data,
                                    replay_counter=counter, key_info=0x13c2)
    counter += 1
    send_eapol(sta, bssid, build_eapol(group_msg))
    reported = sta.wait_event(["WPA: Group Key Handshake started prior to completion of 4-way handshake"])
    if reported is None:
        raise Exception("Unexpected group key message not reported")
    sta.wait_disconnected(timeout=1)
2017
@remote_compatible
def test_ap_wpa2_psk_supp_proto_msg_1_invalid_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: invalid KDE in msg 1/4"""
    # msg 1/4 is not MIC-protected, so this is input the supplicant has to
    # parse before any key is available: two octets (0x55 0x55) that do not
    # form a valid KDE. The expected outcome is a disconnection.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with invalid KDE
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    bad_kde = binascii.unhexlify('5555')
    first = build_eapol_key_1_4(anonce, replay_counter=counter,
                                key_data=bad_kde)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    sta.wait_disconnected(timeout=1)
2035
def test_ap_wpa2_psk_supp_proto_wrong_pairwise_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong pairwise key length"""
    # Key Data is valid, but the Key Length header field says 15 instead of
    # the 16 octets CCMP uses; the supplicant must reject it and disconnect.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010100dc11188831bf4aa4a8678d2b41498618')   # GTK KDE
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data,
                                replay_counter=counter, key_len=15)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: Invalid CCMP key length 15"])
    if reported is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
2067
def test_ap_wpa2_psk_supp_proto_wrong_group_key_len(dev, apdev):
    """WPA2-PSK supplicant protocol testing: wrong group key length"""
    # The GTK KDE (length octet 0x15) carries a 15-octet key instead of the
    # 16 octets CCMP uses; the supplicant must reject it and disconnect.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'      # RSNE
        'dd15000fac010100dc11188831bf4aa4a8678d2b414986')   # short GTK KDE
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 15"])
    if reported is None:
        raise Exception("Invalid CCMP key length not reported")
    sta.wait_disconnected(timeout=1)
2098
def test_ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK TX bit workaround"""
    # The GTK KDE key-id octet is 0x05 here (0x01 in the baseline test),
    # which per the expected event sets the Tx bit. The supplicant should
    # log that it ignores the bit and still complete the connection.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010500dc11188831bf4aa4a8678d2b41498618')   # GTK KDE, Tx
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    reported = sta.wait_event(["WPA: Tx bit set for GTK, but pairwise keys are used - ignore Tx bit"])
    if reported is None:
        raise Exception("GTK Tx bit workaround not reported")
    sta.wait_connected(timeout=1)
2129
def test_ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK key index 0 and 3"""
    # Three steps: (1) msg 3/4 with GTK key index 0 must connect, (2) a
    # wrapped group msg 1/2 with key index 3 must complete a rekey, and
    # (3) a group msg 1/2 with the Encrypted Key Data bit cleared
    # (key_info=0x03c2) and a plaintext GTK KDE must be rejected with a
    # disconnection, so that a GTK is never accepted unencrypted.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010000dc11188831bf4aa4a8678d2b41498618')   # GTK KDE idx 0
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("Valid EAPOL-Key group msg 1/2 (GTK keyidx 3)")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group_msg = build_eapol_key_3_4(anonce, kck, key_data,
                                    replay_counter=counter, key_info=0x13c2)
    counter += 1
    send_eapol(sta, bssid, build_eapol(group_msg))
    # Consume the supplicant's reply frame before looking for the event
    recv_eapol(sta)
    if sta.wait_event(["WPA: Group rekeying completed"]) is None:
        raise Exception("GTK rekeing not reported")

    logger.debug("Unencrypted GTK KDE in group msg 1/2")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd16000fac010300dc11188831bf4aa4a8678d2b41498618')
    group_msg = build_eapol_key_3_4(anonce, kck, plain,
                                    replay_counter=counter, key_info=0x03c2)
    counter += 1
    send_eapol(sta, bssid, build_eapol(group_msg))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2182
def test_ap_wpa2_psk_supp_proto_no_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE missing from group msg"""
    # After a normal 4-way handshake, a group msg 1/2 is sent whose wrapped
    # Key Data holds only zero-length 0xdd elements and no GTK KDE; the
    # supplicant must report the missing GTK and disconnect.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010000dc11188831bf4aa4a8678d2b41498618')   # GTK KDE idx 0
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("No GTK KDE in EAPOL-Key group msg 1/2")
    sta.dump_monitor()
    plain = binascii.unhexlify('dd00dd00dd00dd00dd00dd00dd00dd00')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group_msg = build_eapol_key_3_4(anonce, kck, key_data,
                                    replay_counter=counter, key_info=0x13c2)
    counter += 1
    send_eapol(sta, bssid, build_eapol(group_msg))
    if sta.wait_event(["WPA: No GTK IE in Group Key msg 1/2"]) is None:
        raise Exception("Missing GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2223
def test_ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE in group msg"""
    # After a normal 4-way handshake, a group msg 1/2 delivers a GTK KDE
    # with a 33-octet key (length octet 0x27). This is a bounds check on the
    # supplicant's GTK handling: it must reject the length and disconnect.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4 (GTK keyidx 0)")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010000dc11188831bf4aa4a8678d2b41498618')   # GTK KDE idx 0
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_connected(timeout=1)

    logger.debug("EAPOL-Key group msg 1/2 with too long GTK KDE")
    sta.dump_monitor()
    # KDE header and key-id octets followed by 33 octets of 0xff as the key
    plain = binascii.unhexlify('dd27000fac010100' + 33 * 'ff')
    key_data = aes_wrap(kek, pad_key_data(plain))
    group_msg = build_eapol_key_3_4(anonce, kck, key_data,
                                    replay_counter=counter, key_info=0x13c2)
    counter += 1
    send_eapol(sta, bssid, build_eapol(group_msg))
    if sta.wait_event(["WPA: Unsupported CCMP Group Cipher key length 33"]) is None:
        raise Exception("Too long GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2264
def test_ap_wpa2_psk_supp_proto_too_long_gtk_kde(dev, apdev):
    """WPA2-PSK supplicant protocol testing: too long GTK KDE"""
    # msg 3/4 carries a valid RSNE followed by a GTK KDE with a 33-octet
    # key (length octet 0x27); the supplicant must disconnect. No specific
    # debug event is awaited here, only the disconnection.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    # NOTE(review): the log text says "too short" although this test sends
    # an over-long GTK KDE
    logger.debug("EAPOL-Key msg 3/4 with too short GTK KDE")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'   # RSNE
        'dd27000fac010100' + 33 * 'ff')                  # over-long GTK KDE
    key_data = aes_wrap(kek, pad_key_data(plain))
    third = build_eapol_key_3_4(anonce, kck, key_data, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    sta.wait_disconnected(timeout=1)
2292
def test_ap_wpa2_psk_supp_proto_gtk_not_encrypted(dev, apdev):
    """WPA2-PSK supplicant protocol testing: GTK KDE not encrypted"""
    # msg 3/4 with the Encrypted Key Data bit cleared (key_info=0x03ca) and
    # the RSNE + GTK KDE sent in plaintext. The frame still has a valid MIC,
    # so the check is that the supplicant refuses a GTK that was not
    # protected by the KEK and disconnects.
    bssid, ssid, hapd, snonce, pmk, addr, rsne = eapol_test(apdev[0], dev[0])
    sta = dev[0]

    # hostapd sending its msg 1/4 is only used as the "associated" signal
    recv_eapol(hapd)
    sta.dump_monitor()

    # Own EAPOL-Key msg 1/4 with a fixed ANonce; SNonce comes from the reply
    anonce = binascii.unhexlify(32 * '22')
    counter = 1
    first = build_eapol_key_1_4(anonce, replay_counter=counter)
    counter += 1
    send_eapol(sta, bssid, build_eapol(first))
    snonce = recv_eapol(sta)['rsn_key_nonce']

    ptk, kck, kek = pmk_to_ptk(pmk, addr, bssid, snonce, anonce)

    logger.debug("Valid EAPOL-Key msg 3/4")
    sta.dump_monitor()
    plain = binascii.unhexlify(
        '30140100000fac040100000fac040100000fac020c00'        # RSNE
        'dd16000fac010100dc11188831bf4aa4a8678d2b41498618')   # GTK KDE
    third = build_eapol_key_3_4(anonce, kck, plain,
                                replay_counter=counter, key_info=0x03ca)
    counter += 1
    send_eapol(sta, bssid, build_eapol(third))
    if sta.wait_event(["WPA: GTK IE in unencrypted key data"]) is None:
        raise Exception("Unencrypted GTK KDE not reported")
    sta.wait_disconnected(timeout=1)
2323
def find_wpas_process(dev):
    """Return the PID of the wpa_supplicant process serving dev.ifname.

    Runs 'ps ax' through dev.cmd_execute() and returns the first field of
    the first line that mentions both "wpa_supplicant" and "-i<ifname>".
    Raises Exception when no line matches.

    NOTE(review): both checks are plain substring matches, so "-iwlan1"
    would also match a process started with "-iwlan10"; the first matching
    line wins.
    """
    iface_arg = "-i" + dev.ifname
    err, data = dev.cmd_execute(['ps', 'ax'])
    for line in data.splitlines():
        if "wpa_supplicant" in line and iface_arg in line:
            # ps right-aligns the PID column, hence the strip() first
            return int(line.strip().split(' ')[0])
    raise Exception("Could not find wpa_supplicant process")
2334
def read_process_memory(pid, key=None):
    """Return the concatenated contents of all 'rw' mappings of process pid.

    Walks /proc/<pid>/maps and reads each readable+writable region from
    /proc/<pid>/mem. Regions starting above 0xffffffffffff or with
    end < start are skipped. If key is given, every maps line whose region
    contains it is logged. Offsets in the returned buffer are positions in
    this concatenation, not process addresses; the log lines for [heap] and
    [stack] give the mapping between the two.

    The caller needs permission to open /proc/<pid>/mem (typically root or
    ptrace-level access to the target). The returned buffer holds whatever
    secrets the process had in writable memory at that moment.
    """
    region_re = r'([0-9a-f]+)-([0-9a-f]+) ([-r][-w][-x][-p])'
    buf = bytes()
    logger.info("Reading process memory (pid=%d)" % pid)
    with open('/proc/%d/maps' % pid, 'r') as maps, \
         open('/proc/%d/mem' % pid, 'rb') as mem:
        for line in maps.readlines():
            m = re.match(region_re, line)
            if not m:
                continue
            start = int(m.group(1), 16)
            end = int(m.group(2), 16)
            perm = m.group(3)
            if start > 0xffffffffffff or end < start:
                continue
            if not perm.startswith('rw'):
                continue
            size = end - start
            for name in ("[heap]", "[stack]"):
                if name in line:
                    logger.info("%s 0x%x-0x%x is at %d-%d" % (name, start, end, len(buf), len(buf) + size))
            mem.seek(start)
            data = mem.read(size)
            buf += data
            if key and key in data:
                logger.info("Key found in " + line)
    logger.info("Total process memory read: %d bytes" % len(buf))
    return buf
2363
def verify_not_present(buf, key, fname, keyname):
    """Fail if key material is still present in a memory snapshot.

    Returns None when key does not occur in buf. Otherwise writes up to
    2048 octets before the first hit and 2048 octets from the hit onwards
    to the file fname + keyname, then raises Exception.

    Note that the dump file contains the key itself plus surrounding
    process memory, so it should be handled like the key.
    """
    offset = buf.find(key)
    if offset >= 0:
        lead = min(offset, 2048)
        with open(fname + keyname, 'wb') as out:
            out.write(buf[offset - lead:offset + 2048])
        raise Exception(keyname + " found after disassociation")
2373
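def get_key_locations(buf, key, keyname):
    """Log every occurrence of key in buf and return the number of hits.

    buf -- memory snapshot (bytes), e.g. from read_process_memory().
    key -- byte string to look for; an empty key is reported as 0 hits.
    keyname -- label used in the log lines.

    For each hit the offset is logged at info level and up to 128 octets of
    context on either side at debug level. The debug line therefore
    contains the key and neighbouring process memory in hex.
    """
    if not key:
        # find() matches an empty needle at every position and the cursor
        # below would never advance
        return 0
    count = 0
    pos = buf.find(key)
    while pos >= 0:
        logger.info("Found %s at %d" % (keyname, pos))
        context = 128
        start = max(pos - context, 0)
        before = binascii.hexlify(buf[start:pos])
        context += len(key)
        # Clamp to the end of the buffer. The earlier clamp value of
        # len(buf) - context put 'end' before the hit whenever the key lay
        # within the last 'context' octets, leaving the trailing context
        # empty.
        end = min(pos + context, len(buf))
        after = binascii.hexlify(buf[pos + len(key):end])
        logger.debug("Memory context %d-%d: %s|%s|%s" % (start, end, before, binascii.hexlify(key), after))
        count += 1
        # Continue after this hit so overlapping matches are not counted
        pos = buf.find(key, pos + len(key))
    return count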
2392
def test_wpa2_psk_key_lifetime_in_memory(dev, apdev, params):
    """WPA2-PSK and PSK/PTK lifetime in memory

    Snapshot the wpa_supplicant process memory at several points of a
    WPA2-PSK association and check which keys are still present:

    * while associated, PMK, KCK and KEK are expected in memory (a missing
      PMK skips the test, a missing KCK/KEK fails it);
    * after disassociation, KCK, KEK, TK and GTK must be gone, while the PMK
      may remain because the network profile still holds it;
    * after the network profile is removed, the PMK must be gone as well.

    PTK and GTK are recovered from the key hexdumps in the debug log
    (``log0`` under ``params['logdir']``), so that log directory holds the
    session keys of this run.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    # For WPA2-PSK the configured PSK is searched for as the PMK, in raw
    # byte form.
    pmk = binascii.unhexlify(psk)
    p = hostapd.wpa2_params(ssid=ssid)
    p['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], p)

    pid = find_wpas_process(dev[0])

    # Add the profile with the raw PSK but do not connect yet.
    id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                        only_add_network=True)

    # The next three snapshots are informational: hits are only logged.
    logger.info("Checking keys in memory after network profile configuration")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].request("REMOVE_NETWORK all")
    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Re-add the profile, this time configured with the passphrase.
    id = dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
                        only_add_network=True)

    logger.info("Checking keys in memory before connection")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    dev[0].connect_network(id, timeout=20)
    # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
    # event has been delivered, so verify that wpa_supplicant has returned to
    # eloop before reading process memory.
    time.sleep(1)
    dev[0].ping()

    # Snapshot taken while associated; it is analysed further below, once
    # the PTK/GTK values are known from the log.
    buf = read_process_memory(pid, pmk)

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()

    dev[0].relog()
    ptk = None
    gtk = None
    # Recover the negotiated keys from the debug log; the last matching line
    # of each kind wins.
    with open(os.path.join(params['logdir'], 'log0'), 'r') as f:
        for l in f.readlines():
            if "WPA: PTK - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                ptk = binascii.unhexlify(val)
            if "WPA: Group Key - hexdump" in l:
                val = l.strip().split(':')[3].replace(' ', '')
                gtk = binascii.unhexlify(val)
    if not pmk or not ptk or not gtk:
        raise Exception("Could not find keys from debug log")
    if len(gtk) != 16:
        raise Exception("Unexpected GTK length")

    # Split the PTK into its three 16-octet components.
    kck = ptk[0:16]
    kek = ptk[16:32]
    tk = ptk[32:48]

    logger.info("Checking keys in memory while associated")
    get_key_locations(buf, pmk, "PMK")
    if pmk not in buf:
        raise HwsimSkip("PMK not found while associated")
    if kck not in buf:
        raise Exception("KCK not found while associated")
    if kek not in buf:
        raise Exception("KEK not found while associated")
    # The TK-in-memory check for the associated state is disabled.
    #if tk in buf:
    #    raise Exception("TK found from memory")

    logger.info("Checking keys in memory after disassociation")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # Note: PMK/PSK is still present in network configuration

    # Prefix for the memory-context dump written by verify_not_present()
    # when a key is still found.
    fname = os.path.join(params['logdir'],
                         'wpa2_psk_key_lifetime_in_memory.memctx-')
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    if gtk in buf:
        # Log all GTK locations before the failure is raised below.
        get_key_locations(buf, gtk, "GTK")
    verify_not_present(buf, gtk, fname, "GTK")

    dev[0].request("REMOVE_NETWORK all")

    logger.info("Checking keys in memory after network profile removal")
    buf = read_process_memory(pid, pmk)
    get_key_locations(buf, pmk, "PMK")

    # With the profile gone, no key of the session may remain, PMK included.
    verify_not_present(buf, pmk, fname, "PMK")
    verify_not_present(buf, kck, fname, "KCK")
    verify_not_present(buf, kek, fname, "KEK")
    verify_not_present(buf, tk, fname, "TK")
    verify_not_present(buf, gtk, fname, "GTK")
2493
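@remote_compatible
def test_ap_wpa2_psk_wep(dev, apdev):
    """WPA2-PSK AP and WEP enabled

    Verify that a WEP key cannot be set on a BSS that is configured for
    WPA2-PSK. The test fails if the set operation is accepted.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], params)
    try:
        hapd.set('wep_key0', '"hello"')
    except Exception:
        # Expected outcome: the WEP key was refused. This relies on
        # hapd.set() raising when the value is rejected, which is what the
        # original try/except structure assumed as well.
        return
    # Raised outside the try block on purpose: when this was raised inside
    # it, the broad "except Exception" swallowed the failure and the test
    # passed even if the WEP key had been accepted.
    raise Exception("WEP key accepted to WPA2 network")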
2506
def test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """WPA2-PSK AP and wpas interface in a bridge

    Runs the actual test body and then always tears down the bridge and the
    4-address mode it set up, whether or not the body succeeded.
    """
    bridge, sta_if = 'sta-br0', 'wlan5'
    # Argument vectors are passed as lists, so no shell is involved.
    teardown = (
        ['ip', 'link', 'set', 'dev', bridge, 'down'],
        ['brctl', 'delif', bridge, sta_if],
        ['brctl', 'delbr', bridge],
        ['iw', sta_if, 'set', '4addr', 'off'],
    )
    try:
        _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev)
    finally:
        # Exit codes are ignored here: cleanup is best effort.
        for argv in teardown:
            subprocess.call(argv)
2518
def _test_ap_wpa2_psk_wpas_in_bridge(dev, apdev):
    """Connect a bridged wpa_supplicant interface to a WPA2-PSK AP.

    Creates bridge sta-br0, enables 4-address mode on wlan5, adds wlan5 to
    the bridge and connects through a separate WpaSupplicant instance. The
    caller is responsible for removing the bridge afterwards.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)

    bridge = 'sta-br0'
    sta_if = 'wlan5'
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    # Bridge setup steps whose exit status is not checked.
    for argv in (['brctl', 'addbr', bridge],
                 ['brctl', 'setfd', bridge, '0'],
                 ['ip', 'link', 'set', 'dev', bridge, 'up'],
                 ['iw', sta_if, 'set', '4addr', 'on']):
        subprocess.call(argv)
    # Adding the interface to the bridge must succeed for the test to make
    # sense, so this step raises on a non-zero exit status.
    subprocess.check_call(['brctl', 'addif', bridge, sta_if])
    wpas.interface_add(sta_if, br_ifname=bridge)
    wpas.dump_monitor()

    wpas.connect(ssid, psk=passphrase, scan_freq="2412")
    wpas.dump_monitor()
2538
@remote_compatible
def test_ap_wpa2_psk_ifdown(dev, apdev):
    """WPA2-PSK AP and external ifconfig down

    Takes the AP interface down and up again from outside hostapd and checks
    that hostapd reports INTERFACE-DISABLED / INTERFACE-ENABLED, that the
    station notices the loss, and that it reconnects with working data
    connectivity.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']
    sta = dev[0]

    def set_link(state):
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', apdev[0]['ifname'],
                          state])

    def expect_ap_event(name):
        if hapd.wait_event([name], timeout=10) is None:
            raise Exception("No " + name + " event")

    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    set_link('down')
    expect_ap_event("INTERFACE-DISABLED")
    # this wait tests beacon loss detection in mac80211
    sta.wait_disconnected()
    set_link('up')
    expect_ap_event("INTERFACE-ENABLED")
    sta.wait_connected()
    hwsim_utils.test_connectivity(sta, hapd)
2561
def test_ap_wpa2_psk_drop_first_msg_4(dev, apdev):
    """WPA2-PSK and first EAPOL-Key msg 4/4 dropped

    The 4-way handshake is relayed by hand through the control interfaces
    (ext_eapol_frame_io) so that the station's first msg 4/4 can be withheld
    from the AP. Normal EAPOL TX/RX is then restored and the retransmission
    path has to complete the connection.
    """
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
    addr = sta.own_addr()

    def relay_ap_frame():
        """Wait for an EAPOL frame from hostapd and hand it to the station."""
        tx = hapd.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from hostapd")
        reply = sta.request("EAPOL_RX " + bssid + " " + tx.split(' ')[2])
        if "OK" not in reply:
            raise Exception("EAPOL_RX to wpa_supplicant failed")

    def wait_sta_frame():
        """Wait for an EAPOL frame from wpa_supplicant and return the event."""
        tx = sta.wait_event(["EAPOL-TX"], timeout=15)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
        return tx

    # EAPOL-Key msg 1/4
    relay_ap_frame()

    # EAPOL-Key msg 2/4
    msg2 = wait_sta_frame()
    reply = hapd.request("EAPOL_RX " + addr + " " + msg2.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX to hostapd failed")

    # EAPOL-Key msg 3/4
    relay_ap_frame()

    # EAPOL-Key msg 4/4: received from the station but never forwarded
    wait_sta_frame()
    logger.info("Drop the first EAPOL-Key msg 4/4")

    # wpa_supplicant believes now that 4-way handshake succeeded; hostapd
    # doesn't. Use normal EAPOL TX/RX to handle retries.
    hapd.request("SET ext_eapol_frame_io 0")
    sta.request("SET ext_eapol_frame_io 0")
    sta.wait_connected()

    if hapd.wait_event(["AP-STA-CONNECTED"], timeout=15) is None:
        raise Exception("Timeout on AP-STA-CONNECTED from hostapd")

    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=0.1) is not None:
        logger.info("Disconnection detected")
        # The EAPOL-Key retries are supposed to allow the connection to be
        # established without having to reassociate. However, this does not
        # currently work since mac80211 ends up encrypting EAPOL-Key msg 4/4
        # after the pairwise key has been configured and AP will drop those and
        # disconnect the station after reaching retransmission limit. Connection
        # is then established after reassociation. Once that behavior has been
        # optimized to prevent EAPOL-Key frame encryption for retransmission
        # case, this exception can be uncommented here.
        #raise Exception("Unexpected disconnection")
2628
@remote_compatible
def test_ap_wpa2_psk_disable_enable(dev, apdev):
    """WPA2-PSK AP getting disabled and re-enabled

    The AP is disabled and enabled twice; each time the station has to
    detect the loss, reconnect on its own and pass a connectivity check.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    ap_params = hostapd.wpa2_params(ssid=ssid)
    ap_params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]
    sta.connect(ssid, raw_psk=psk, scan_freq="2412")

    for _ in range(2):
        hapd.request("DISABLE")
        sta.wait_disconnected()
        hapd.request("ENABLE")
        sta.wait_connected()
        hwsim_utils.test_connectivity(sta, hapd)
2646
@remote_compatible
def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
    """WPA2-PSK AP and station using incorrect passphrase

    The station first tries a passphrase the AP does not use and the AP has
    to report AP-STA-POSSIBLE-PSK-MISMATCH. The AP is then reconfigured to
    that same passphrase, after which the pending connection must complete.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]
    sta.connect(ssid, psk="incorrect passphrase", scan_freq="2412",
                wait_connect=False)
    mismatch = hapd.wait_event(["AP-STA-POSSIBLE-PSK-MISMATCH"], timeout=10)
    if mismatch is None:
        raise Exception("No AP-STA-POSSIBLE-PSK-MISMATCH reported")
    sta.dump_monitor()

    # Make the AP's passphrase match what the station is using.
    hapd.disable()
    hapd.set("wpa_passphrase", "incorrect passphrase")
    hapd.enable()

    sta.wait_connected(timeout=20)
2666
@remote_compatible
def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing

    Feeds the AP a series of hand-built WPA vendor elements by attaching
    them to the station's frames with VENDOR_ELEM_ADD (frame type 13). The
    first group must lead to association rejection; for the second group
    the association must get as far as either a completed connection or a
    reported 4-way handshake failure.
    """
    skip_with_fips(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]
    net_id = sta.connect(ssid, psk=passphrase, scan_freq="2412",
                         only_add_network=True)

    def run_case(elem, events, failure):
        """Try one element and always remove it again afterwards."""
        try:
            if "OK" not in sta.request("VENDOR_ELEM_ADD 13 " + elem):
                raise Exception("VENDOR_ELEM_ADD failed")
            sta.select_network(net_id)
            if sta.wait_event(events, timeout=10) is None:
                raise Exception(failure)
            sta.request("DISCONNECT")
            sta.dump_monitor()
        finally:
            sta.request("VENDOR_ELEM_REMOVE 13 *")

    # Elements for which the AP is expected to reject the association.
    rejected = ["dd040050f201",
                "dd050050f20101",
                "dd060050f2010100",
                "dd060050f2010001",
                "dd070050f201010000",
                "dd080050f20101000050",
                "dd090050f20101000050f2",
                "dd0a0050f20101000050f202",
                "dd0b0050f20101000050f20201",
                "dd0c0050f20101000050f2020100",
                "dd0c0050f20101000050f2020000",
                "dd0c0050f20101000050f202ffff",
                "dd0d0050f20101000050f202010000",
                "dd0e0050f20101000050f20201000050",
                "dd0f0050f20101000050f20201000050f2",
                "dd100050f20101000050f20201000050f202",
                "dd110050f20101000050f20201000050f20201",
                "dd120050f20101000050f20201000050f2020100",
                "dd120050f20101000050f20201000050f2020000",
                "dd120050f20101000050f20201000050f202ffff",
                "dd130050f20101000050f20201000050f202010000",
                "dd140050f20101000050f20201000050f20201000050",
                "dd150050f20101000050f20201000050f20201000050f2"]
    for elem in rejected:
        run_case(elem, ["CTRL-EVENT-ASSOC-REJECT"],
                 "Association rejection not reported")

    # Elements carrying extra octets at the end; these must not stall the
    # association attempt.
    tolerated = ["dd170050f20101000050f20201000050f20201000050f202ff",
                 "dd180050f20101000050f20201000050f20201000050f202ffff",
                 "dd190050f20101000050f20201000050f20201000050f202ffffff"]
    for elem in tolerated:
        run_case(elem, ['CTRL-EVENT-CONNECTED', 'WPA: 4-Way Handshake failed'],
                 "Association failed unexpectedly")
2730
@remote_compatible
def test_ap_wpa2_psk_no_random(dev, apdev):
    """WPA2-PSK AP and no random numbers available

    A single failure is injected into hostapd at "wpa_gmk_to_gtk" through
    the fail_test() helper. The first connection attempt has to end in a
    disconnection, and the following attempt has to succeed.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    params = hostapd.wpa2_params(ssid=ssid)
    params['wpa_psk'] = psk
    hapd = hostapd.add_ap(apdev[0], params)
    with fail_test(hapd, 1, "wpa_gmk_to_gtk"):
        # First attempt: expected to be torn down because of the injected
        # failure, so do not wait for a connection.
        id = dev[0].connect(ssid, raw_psk=psk, scan_freq="2412",
                            wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=15)
        if ev is None:
            raise Exception("Disconnection event not reported")
        # Second attempt with the same profile: must connect normally.
        dev[0].request("DISCONNECT")
        dev[0].select_network(id, freq=2412)
        dev[0].wait_connected()
2749
@remote_compatible
def test_rsn_ie_proto_psk_sta(dev, apdev):
    """RSN element protocol testing for PSK cases on STA side

    The AP advertises a series of unusual RSN elements through
    own_ie_override. For every variant listed here the station is expected
    to rescan, select the network and still connect. An own_ie_override
    value that is not valid hex must be refused by hostapd.
    """
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    # This is the RSN element used normally by hostapd
    ap_params['own_ie_override'] = '30140100000fac040100000fac040100000fac020c00'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    if "FAIL" not in hapd.request("SET own_ie_override qwerty"):
        raise Exception("Invalid own_ie_override value accepted")
    sta = dev[0]
    net_id = sta.connect(ssid, psk=passphrase, scan_freq="2412")

    cases = (
        ('No RSN Capabilities field',
         '30120100000fac040100000fac040100000fac02'),
        ('Reserved RSN Capabilities bits set',
         '30140100000fac040100000fac040100000fac023cff'),
        ('Truncated RSN Capabilities field',
         '30130100000fac040100000fac040100000fac023c'),
        ('Extra pairwise cipher suite (unsupported)',
         '30180100000fac040200ffffffff000fac040100000fac020c00'),
        ('Extra AKM suite (unsupported)',
         '30180100000fac040100000fac040200ffffffff000fac020c00'),
        ('PMKIDCount field included',
         '30160100000fac040100000fac040100000fac020c000000'),
        ('Truncated PMKIDCount field',
         '30150100000fac040100000fac040100000fac020c0000'),
        ('Unexpected Group Management Cipher Suite with PMF disabled',
         '301a0100000fac040100000fac040100000fac020c000000000fac06'),
        ('Extra octet after defined fields (future extensibility)',
         '301b0100000fac040100000fac040100000fac020c000000000fac0600'),
    )
    for label, rsn_ie in cases:
        sta.request("DISCONNECT")
        sta.wait_disconnected()
        sta.dump_monitor()
        # Mark the case in the station's log as well as in the test log.
        sta.request("NOTE " + label)
        logger.info(label)
        hapd.disable()
        hapd.set('own_ie_override', rsn_ie)
        hapd.enable()
        # Drop cached scan results so that the new element is what the
        # station sees.
        sta.request("BSS_FLUSH 0")
        sta.scan_for_bss(bssid, 2412, force_scan=True, only_new=True)
        sta.select_network(net_id, freq=2412)
        sta.wait_connected()
2795
@remote_compatible
def test_ap_cli_order(dev, apdev):
    """WPA2-PSK AP configured over the control interface with 'wpa' set last

    The AP is created disabled and its parameters are set one by one, with
    the cipher and key management values given before 'wpa' itself. Both the
    group cipher and the RSN pairwise cipher must come out as CCMP, the AP
    must start, and a station must be able to connect.
    """
    ssid = "test-rsn-setup"
    passphrase = 'zzzzzzzz'

    hapd = hostapd.add_ap(apdev[0], {}, no_enable=True)
    # The order of these settings is the point of the test.
    for field, value in (('ssid', ssid),
                         ('wpa_passphrase', passphrase),
                         ('rsn_pairwise', 'CCMP'),
                         ('wpa_key_mgmt', 'WPA-PSK'),
                         ('wpa', '2')):
        hapd.set(field, value)
    hapd.enable()
    cfg = hapd.get_config()
    for field in ('group_cipher', 'rsn_pairwise_cipher'):
        if cfg[field] != 'CCMP':
            raise Exception("Unexpected " + field + ": " + cfg[field])

    startup = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=30)
    if startup is None:
        raise Exception("AP startup timed out")
    if "AP-ENABLED" not in startup:
        raise Exception("AP startup failed")

    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
2821
def set_test_assoc_ie(dev, ie):
    """Set the element given as hex string *ie* with TEST_ASSOC_IE on *dev*.

    Raises an Exception unless the control interface reply contains "OK".
    """
    reply = dev.request("TEST_ASSOC_IE " + ie)
    if "OK" in reply:
        return
    raise Exception("Could not set TEST_ASSOC_IE")
2825
@remote_compatible
def test_ap_wpa2_psk_assoc_rsn(dev, apdev):
    """WPA2-PSK AP and association request RSN IE differences

    The station's Association Request element is overridden with
    TEST_ASSOC_IE. Two variants must be accepted by the AP; four malformed
    or mismatching variants must be rejected with the listed status code.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]

    accepted = (("Normal wpa_supplicant assoc req RSN IE",
                 "30140100000fac040100000fac040100000fac020000"),
                ("RSN IE without RSN Capabilities",
                 "30120100000fac040100000fac040100000fac02"))
    for title, ie in accepted:
        logger.info(title)
        set_test_assoc_ie(sta, ie)
        sta.connect(ssid, psk=passphrase, scan_freq="2412")
        sta.request("REMOVE_NETWORK all")
        sta.wait_disconnected()

    # Third field: the status code the AP must use in its rejection.
    refused = (("WPA IE instead of RSN IE and only RSN enabled on AP",
                "dd160050f20101000050f20201000050f20201000050f202", 40),
               ("Empty RSN IE", "3000", 40),
               ("RSN IE with truncated Version", "300101", 40),
               ("RSN IE with only Version", "30020100", 43))
    for title, ie, status in refused:
        logger.info(title)
        set_test_assoc_ie(sta, ie)
        sta.connect(ssid, psk=passphrase, scan_freq="2412",
                    wait_connect=False)
        reject = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"])
        if reject is None:
            raise Exception("Association rejection not reported")
        if "status_code=" + str(status) not in reject:
            raise Exception("Unexpected status code: " + reject)
        sta.request("REMOVE_NETWORK all")
        sta.dump_monitor()
2862
def test_ap_wpa2_psk_ft_workaround(dev, apdev):
    """WPA2-PSK+FT AP and workaround for incorrect STA behavior

    The AP offers both FT-PSK and WPA-PSK. The station sends an Association
    Request whose RSN element lists both AKMs at once, and the AP is
    expected to let it connect anyway.
    """
    ssid = "test-wpa2-psk-ft"
    passphrase = 'qwertyuiop'

    # Key order is kept as in the step-by-step construction this replaces.
    ap_params = {
        "wpa": "2",
        "wpa_key_mgmt": "FT-PSK WPA-PSK",
        "rsn_pairwise": "CCMP",
        "ssid": ssid,
        "wpa_passphrase": passphrase,
        "mobility_domain": "a1b2",
        "r0_key_lifetime": "10000",
        "pmk_r1_push": "1",
        "reassociation_deadline": "1000",
        "nas_identifier": "nas1.w1.fi",
        "r1_key_holder": "000102030405",
    }
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]

    # Include both WPA-PSK and FT-PSK AKMs in Association Request frame
    set_test_assoc_ie(sta,
                      "30180100000fac040100000fac040200000fac02000fac040000")
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
2887
def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):
    """WPA2-PSK AP and association request RSN IE with PMKID

    The station's RSN element is overridden so that it ends in sixteen zero
    octets following the count field; the AP is expected to accept the
    association and complete the connection.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    hapd = hostapd.add_ap(apdev[0], ap_params)
    sta = dev[0]

    zero_pmkid = '00' * 16
    rsn_ie = "30260100000fac040100000fac040100000fac0200000100" + zero_pmkid
    set_test_assoc_ie(sta, rsn_ie)
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
2899
def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set

    The AP runs WPA (wpa=1) but its cipher is given only through
    rsn_pairwise; a station asking for WPA with TKIP must still connect.
    """
    ssid = "wpapsk"
    passphrase = "1234567890"
    ap_params = {"ssid": ssid, "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
                 "rsn_pairwise": "TKIP", "wpa_passphrase": passphrase}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, proto="WPA", pairwise="TKIP",
                   scan_freq="2412")
2907
def test_ap_wpa2_eapol_retry_limit(dev, apdev):
    """WPA2-PSK EAPOL-Key retry limit configuration

    With both update counts set to 1 and PTK rekeying every 2 seconds, a
    rekey must still complete. A count of 0 must be refused by hostapd for
    both the group and the pairwise setting.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_ptk_rekey'] = '2'
    ap_params['wpa_group_update_count'] = '1'
    ap_params['wpa_pairwise_update_count'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
    if dev[0].wait_event(["WPA: Key negotiation completed"]) is None:
        raise Exception("PTK rekey timed out")

    for field in ("wpa_group_update_count", "wpa_pairwise_update_count"):
        if "FAIL" not in hapd.request("SET " + field + " 0"):
            raise Exception("Invalid " + field + " value accepted")
2926
def test_ap_wpa2_disable_eapol_retry(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry

    With wpa_disable_eapol_key_retries=1 on the AP (an option hostapd
    documents as an AP-side workaround for key reinstallation attacks), a
    normal handshake must still work. In a hand-relayed handshake where the
    station's msg 4/4 never reaches the AP, the AP must not send msg 3/4 a
    second time and the station must end up disconnected. A retry of msg 1/4
    is still expected.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_disable_eapol_key_retries'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']
    sta = dev[0]

    def ap_eapol_tx(label):
        """Wait up to 5 s for an EAPOL frame from hostapd; fail if none."""
        tx = hapd.wait_event(["EAPOL-TX"], timeout=5)
        if tx is None:
            raise Exception("Timeout on EAPOL-TX (" + label + ") from hostapd")
        return tx

    logger.info("Verify working 4-way handshake without retries")
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.request("REMOVE_NETWORK all")
    sta.wait_disconnected()
    sta.dump_monitor()
    addr = sta.own_addr()

    logger.info("Verify no retransmission of message 3/4")
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    sta.connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)

    ap_eapol_tx("M1")
    # Only the retransmitted msg 1/4 is delivered to the station.
    m1 = ap_eapol_tx("M1 retry")
    reply = sta.request("EAPOL_RX " + bssid + " " + m1.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX (M1) to wpa_supplicant failed")
    m2 = sta.wait_event(["EAPOL-TX"], timeout=5)
    if m2 is None:
        raise Exception("Timeout on EAPOL-TX (M2) from wpa_supplicant")
    sta.dump_monitor()
    reply = hapd.request("EAPOL_RX " + addr + " " + m2.split(' ')[2])
    if "OK" not in reply:
        raise Exception("EAPOL_RX (M2) to hostapd failed")

    # msg 3/4 is seen once and deliberately not forwarded to the station.
    ap_eapol_tx("M3")
    if hapd.wait_event(["EAPOL-TX"], timeout=2) is not None:
        raise Exception("Unexpected EAPOL-TX M3 retry from hostapd")
    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) is None:
        raise Exception("Disconnection not reported")
    sta.request("REMOVE_NETWORK all")
    sta.dump_monitor()
2976
def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):
    """WPA2-PSK disable EAPOL-Key retry for group handshake

    With wpa_strict_rekey=1, a second station leaving triggers a GTK rekey.
    The first rekey is allowed to complete normally. For the second one the
    frames are intercepted (ext_eapol_frame_io) and never delivered; the AP
    must send group msg 1/2 exactly once and the station must end up
    disconnected.
    """
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
    ap_params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
    ap_params['wpa_disable_eapol_key_retries'] = '1'
    ap_params['wpa_strict_rekey'] = '1'
    hapd = hostapd.add_ap(apdev[0], ap_params)
    bssid = apdev[0]['bssid']
    sta, leaver = dev[0], dev[1]

    net_id = leaver.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.connect(ssid, psk=passphrase, scan_freq="2412")
    sta.dump_monitor()
    addr = sta.own_addr()

    # First rekey: the other station leaves, the rekey completes normally.
    leaver.request("DISCONNECT")
    if sta.wait_event(["WPA: Group rekeying completed"], timeout=2) is None:
        raise Exception("GTK rekey timed out")
    leaver.request("RECONNECT")
    leaver.wait_connected()
    sta.dump_monitor()

    # Second rekey: frames are captured instead of being delivered.
    hapd.request("SET ext_eapol_frame_io 1")
    sta.request("SET ext_eapol_frame_io 1")
    leaver.request("DISCONNECT")

    if hapd.wait_event(["EAPOL-TX"], timeout=5) is None:
        raise Exception("Timeout on EAPOL-TX (group M1) from hostapd")
    if hapd.wait_event(["EAPOL-TX"], timeout=2) is not None:
        raise Exception("Unexpected EAPOL-TX group M1 retry from hostapd")
    if sta.wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) is None:
        raise Exception("Disconnection not reported")
    sta.request("REMOVE_NETWORK all")
    sta.dump_monitor()
3015
3016 def test_ap_wpa2_psk_mic_0(dev, apdev):
3017 """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
3018 bssid = apdev[0]['bssid']
3019 ssid = "test-wpa2-psk"
3020 passphrase = 'qwertyuiop'
3021 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
3022 params['rsn_pairwise'] = "TKIP"
3023 hapd = hostapd.add_ap(apdev[0], params)
3024 hapd.request("SET ext_eapol_frame_io 1")
3025 dev[0].request("SET ext_eapol_frame_io 1")
3026 dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
3027 addr = dev[0].own_addr()
3028
3029 # EAPOL-Key msg 1/4
3030 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3031 if ev is None:
3032 raise Exception("Timeout on EAPOL-TX from hostapd")
3033 res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
3034 if "OK" not in res:
3035 raise Exception("EAPOL_RX to wpa_supplicant failed")
3036
3037 # EAPOL-Key msg 2/4
3038 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
3039 if ev is None:
3040 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3041 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
3042 if "OK" not in res:
3043 raise Exception("EAPOL_RX to hostapd failed")
3044 dev[0].dump_monitor()
3045
3046 # EAPOL-Key msg 3/4
3047 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3048 if ev is None:
3049 raise Exception("Timeout on EAPOL-TX from hostapd")
3050 msg3 = ev.split(' ')[2]
3051 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3)
3052 if "OK" not in res:
3053 raise Exception("EAPOL_RX to wpa_supplicant failed")
3054
3055 # EAPOL-Key msg 4/4
3056 ev = dev[0].wait_event(["EAPOL-TX"], timeout=15)
3057 if ev is None:
3058 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
3059 # Do not send to the AP
3060
3061 # EAPOL-Key msg 3/4 with MIC=0 and modifications
3062 eapol_hdr = msg3[0:8]
3063 key_type = msg3[8:10]
3064 key_info = msg3[10:14]
3065 key_length = msg3[14:18]
3066 replay_counter = msg3[18:34]
3067 key_nonce = msg3[34:98]
3068 key_iv = msg3[98:130]
3069 key_rsc = msg3[130:146]
3070 key_id = msg3[146:162]
3071 key_mic = msg3[162:194]
3072 key_data_len = msg3[194:198]
3073 key_data = msg3[198:]
3074
3075 msg3b = eapol_hdr + key_type
3076 msg3b += "12c9" # Clear MIC bit from key_info (originally 13c9)
3077 msg3b += key_length
3078 msg3b += '0000000000000003'
3079 msg3b += key_nonce + key_iv + key_rsc + key_id
3080 msg3b += 32*'0' # Clear MIC value
3081 msg3b += key_data_len + key_data
3082 dev[0].dump_monitor()
3083 res = dev[0].request("EAPOL_RX " + bssid + " " + msg3b)
3084 if "OK" not in res:
3085 raise Exception("EAPOL_RX to wpa_supplicant failed")
3086 ev = dev[0].wait_event(["EAPOL-TX", "WPA: Ignore EAPOL-Key"], timeout=2)
3087 if ev is None:
3088 raise Exception("No event from wpa_supplicant")
3089 if "EAPOL-TX" in ev:
3090 raise Exception("Unexpected EAPOL-Key message from wpa_supplicant")
3091 dev[0].request("DISCONNECT")